1 use crate::prelude::*;
2 use alloc::sync::Arc;
3 use bitflags::Flags;
4 use core::fmt;
5 use core::num::NonZeroUsize;
6 use core::str::FromStr;
7 #[cfg(any(feature = "cranelift", feature = "winch"))]
8 use std::path::Path;
9 pub use wasmparser::WasmFeatures;
10 use wasmtime_environ::{ConfigTunables, OperatorCost, OperatorCostStrategy, TripleExt, Tunables};
11
12 #[cfg(feature = "runtime")]
13 use crate::memory::MemoryCreator;
14 #[cfg(feature = "runtime")]
15 use crate::profiling_agent::{self, ProfilingAgent};
16 #[cfg(feature = "runtime")]
17 use crate::runtime::vm::{
18 GcRuntime, InstanceAllocator, OnDemandInstanceAllocator, RuntimeMemoryCreator,
19 };
20 #[cfg(feature = "runtime")]
21 use crate::trampoline::MemoryCreatorProxy;
22
23 #[cfg(feature = "async")]
24 use crate::stack::{StackCreator, StackCreatorProxy};
25 #[cfg(feature = "async")]
26 use wasmtime_fiber::RuntimeFiberStackCreator;
27
28 #[cfg(feature = "runtime")]
29 pub use crate::runtime::code_memory::CustomCodeMemory;
30 #[cfg(feature = "cache")]
31 pub use wasmtime_cache::{Cache, CacheConfig};
32 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
33 pub use wasmtime_environ::CacheStore;
34
35 pub(crate) const DEFAULT_WASM_BACKTRACE_MAX_FRAMES: NonZeroUsize = NonZeroUsize::new(20).unwrap();
36
37 /// Represents the module instance allocation strategy to use.
38 #[derive(Clone)]
39 #[non_exhaustive]
40 pub enum InstanceAllocationStrategy {
41 /// The on-demand instance allocation strategy.
42 ///
43 /// Resources related to a module instance are allocated at instantiation time and
44 /// immediately deallocated when the `Store` referencing the instance is dropped.
45 ///
46 /// This is the default allocation strategy for Wasmtime.
47 OnDemand,
48 /// The pooling instance allocation strategy.
49 ///
50 /// A pool of resources is created in advance and module instantiation reuses resources
51 /// from the pool. Resources are returned to the pool when the `Store` referencing the instance
52 /// is dropped.
53 #[cfg(feature = "pooling-allocator")]
54 Pooling(PoolingAllocationConfig),
55 }
56
57 impl InstanceAllocationStrategy {
58 /// The default pooling instance allocation strategy.
59 #[cfg(feature = "pooling-allocator")]
pooling() -> Self60 pub fn pooling() -> Self {
61 Self::Pooling(Default::default())
62 }
63 }
64
65 impl Default for InstanceAllocationStrategy {
default() -> Self66 fn default() -> Self {
67 Self::OnDemand
68 }
69 }
70
71 #[cfg(feature = "pooling-allocator")]
72 impl From<PoolingAllocationConfig> for InstanceAllocationStrategy {
from(cfg: PoolingAllocationConfig) -> InstanceAllocationStrategy73 fn from(cfg: PoolingAllocationConfig) -> InstanceAllocationStrategy {
74 InstanceAllocationStrategy::Pooling(cfg)
75 }
76 }
77
78 #[derive(Clone)]
79 /// Configure the strategy used for versioning in serializing and deserializing [`crate::Module`].
80 pub enum ModuleVersionStrategy {
81 /// Use the wasmtime crate's Cargo package version.
82 WasmtimeVersion,
83 /// Use a custom version string. Must be at most 255 bytes.
84 Custom(String),
85 /// Emit no version string in serialization, and accept all version strings in deserialization.
86 None,
87 }
88
89 impl Default for ModuleVersionStrategy {
default() -> Self90 fn default() -> Self {
91 ModuleVersionStrategy::WasmtimeVersion
92 }
93 }
94
95 impl core::hash::Hash for ModuleVersionStrategy {
hash<H: core::hash::Hasher>(&self, hasher: &mut H)96 fn hash<H: core::hash::Hasher>(&self, hasher: &mut H) {
97 match self {
98 Self::WasmtimeVersion => env!("CARGO_PKG_VERSION").hash(hasher),
99 Self::Custom(s) => s.hash(hasher),
100 Self::None => {}
101 };
102 }
103 }
104
105 impl ModuleVersionStrategy {
106 /// Get the string-encoding version of the module.
as_str(&self) -> &str107 pub fn as_str(&self) -> &str {
108 match &self {
109 Self::WasmtimeVersion => env!("CARGO_PKG_VERSION_MAJOR"),
110 Self::Custom(c) => c,
111 Self::None => "",
112 }
113 }
114 }
115
116 /// Configuration for record/replay
117 #[derive(Clone)]
118 #[non_exhaustive]
119 pub enum RRConfig {
120 #[cfg(feature = "rr")]
121 /// Recording on store is enabled
122 Recording,
123 #[cfg(feature = "rr")]
124 /// Replaying on store is enabled
125 Replaying,
126 /// No record/replay is enabled
127 None,
128 }
129
130 /// Global configuration options used to create an [`Engine`](crate::Engine)
131 /// and customize its behavior.
132 ///
133 /// This structure exposed a builder-like interface and is primarily consumed by
134 /// [`Engine::new()`](crate::Engine::new).
135 ///
136 /// The validation of `Config` is deferred until the engine is being built, thus
137 /// a problematic config may cause `Engine::new` to fail.
138 ///
139 /// # Defaults
140 ///
141 /// The `Default` trait implementation and the return value from
142 /// [`Config::new()`] are the same and represent the default set of
143 /// configuration for an engine. The exact set of defaults will differ based on
144 /// properties such as enabled Cargo features at compile time and the configured
145 /// target (see [`Config::target`]). Configuration options document their
146 /// default values and what the conditional value of the default is where
147 /// applicable.
148 #[derive(Clone)]
149 pub struct Config {
150 #[cfg(any(feature = "cranelift", feature = "winch"))]
151 compiler_config: Option<CompilerConfig>,
152 target: Option<target_lexicon::Triple>,
153 #[cfg(feature = "gc")]
154 collector: Collector,
155 profiling_strategy: ProfilingStrategy,
156 tunables: ConfigTunables,
157
158 #[cfg(feature = "cache")]
159 pub(crate) cache: Option<Cache>,
160 #[cfg(feature = "runtime")]
161 pub(crate) mem_creator: Option<Arc<dyn RuntimeMemoryCreator>>,
162 #[cfg(feature = "runtime")]
163 pub(crate) custom_code_memory: Option<Arc<dyn CustomCodeMemory>>,
164 pub(crate) allocation_strategy: InstanceAllocationStrategy,
165 pub(crate) max_wasm_stack: usize,
166 /// Explicitly enabled features via `Config::wasm_*` methods. This is a
167 /// signal that the embedder specifically wants something turned on
168 /// regardless of the defaults that Wasmtime might otherwise have enabled.
169 ///
170 /// Note that this, and `disabled_features` below, start as the empty set of
171 /// features to only track explicit user requests.
172 pub(crate) enabled_features: WasmFeatures,
173 /// Same as `enabled_features`, but for those that are explicitly disabled.
174 pub(crate) disabled_features: WasmFeatures,
175 pub(crate) wasm_backtrace_details_env_used: bool,
176 pub(crate) wasm_backtrace_max_frames: Option<NonZeroUsize>,
177 pub(crate) native_unwind_info: Option<bool>,
178 #[cfg(any(feature = "async", feature = "stack-switching"))]
179 pub(crate) async_stack_size: usize,
180 #[cfg(feature = "async")]
181 pub(crate) async_stack_zeroing: bool,
182 #[cfg(feature = "async")]
183 pub(crate) stack_creator: Option<Arc<dyn RuntimeFiberStackCreator>>,
184 pub(crate) module_version: ModuleVersionStrategy,
185 pub(crate) parallel_compilation: bool,
186 pub(crate) memory_guaranteed_dense_image_size: u64,
187 pub(crate) force_memory_init_memfd: bool,
188 pub(crate) wmemcheck: bool,
189 #[cfg(feature = "coredump")]
190 pub(crate) coredump_on_trap: bool,
191 pub(crate) macos_use_mach_ports: bool,
192 pub(crate) detect_host_feature: Option<fn(&str) -> Option<bool>>,
193 pub(crate) x86_float_abi_ok: Option<bool>,
194 pub(crate) shared_memory: bool,
195 pub(crate) rr_config: RRConfig,
196 }
197
198 /// User-provided configuration for the compiler.
199 #[cfg(any(feature = "cranelift", feature = "winch"))]
200 #[derive(Debug, Clone)]
201 struct CompilerConfig {
202 strategy: Option<Strategy>,
203 settings: crate::hash_map::HashMap<String, String>,
204 flags: crate::hash_set::HashSet<String>,
205 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
206 cache_store: Option<Arc<dyn CacheStore>>,
207 clif_dir: Option<std::path::PathBuf>,
208 wmemcheck: bool,
209 }
210
211 #[cfg(any(feature = "cranelift", feature = "winch"))]
212 impl CompilerConfig {
new() -> Self213 fn new() -> Self {
214 Self {
215 strategy: Strategy::Auto.not_auto(),
216 settings: Default::default(),
217 flags: Default::default(),
218 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
219 cache_store: None,
220 clif_dir: None,
221 wmemcheck: false,
222 }
223 }
224
225 /// Ensures that the key is not set or equals to the given value.
226 /// If the key is not set, it will be set to the given value.
227 ///
228 /// # Returns
229 ///
230 /// Returns true if successfully set or already had the given setting
231 /// value, or false if the setting was explicitly set to something
232 /// else previously.
ensure_setting_unset_or_given(&mut self, k: &str, v: &str) -> bool233 fn ensure_setting_unset_or_given(&mut self, k: &str, v: &str) -> bool {
234 if let Some(value) = self.settings.get(k) {
235 if value != v {
236 return false;
237 }
238 } else {
239 self.settings.insert(k.to_string(), v.to_string());
240 }
241 true
242 }
243 }
244
245 #[cfg(any(feature = "cranelift", feature = "winch"))]
246 impl Default for CompilerConfig {
default() -> Self247 fn default() -> Self {
248 Self::new()
249 }
250 }
251
252 impl Config {
253 /// Creates a new configuration object with the default configuration
254 /// specified.
new() -> Self255 pub fn new() -> Self {
256 let mut ret = Self {
257 tunables: ConfigTunables::default(),
258 #[cfg(any(feature = "cranelift", feature = "winch"))]
259 compiler_config: Some(CompilerConfig::default()),
260 target: None,
261 #[cfg(feature = "gc")]
262 collector: Collector::default(),
263 #[cfg(feature = "cache")]
264 cache: None,
265 profiling_strategy: ProfilingStrategy::None,
266 #[cfg(feature = "runtime")]
267 mem_creator: None,
268 #[cfg(feature = "runtime")]
269 custom_code_memory: None,
270 allocation_strategy: InstanceAllocationStrategy::OnDemand,
271 // 512k of stack -- note that this is chosen currently to not be too
272 // big, not be too small, and be a good default for most platforms.
273 // One platform of particular note is Windows where the stack size
274 // of the main thread seems to, by default, be smaller than that of
275 // Linux and macOS. This 512k value at least lets our current test
276 // suite pass on the main thread of Windows (using `--test-threads
277 // 1` forces this), or at least it passed when this change was
278 // committed.
279 max_wasm_stack: 512 * 1024,
280 wasm_backtrace_details_env_used: false,
281 wasm_backtrace_max_frames: Some(DEFAULT_WASM_BACKTRACE_MAX_FRAMES),
282 native_unwind_info: None,
283 enabled_features: WasmFeatures::empty(),
284 disabled_features: WasmFeatures::empty(),
285 #[cfg(any(feature = "async", feature = "stack-switching"))]
286 async_stack_size: 2 << 20,
287 #[cfg(feature = "async")]
288 async_stack_zeroing: false,
289 #[cfg(feature = "async")]
290 stack_creator: None,
291 module_version: ModuleVersionStrategy::default(),
292 parallel_compilation: !cfg!(miri),
293 memory_guaranteed_dense_image_size: 16 << 20,
294 force_memory_init_memfd: false,
295 wmemcheck: false,
296 #[cfg(feature = "coredump")]
297 coredump_on_trap: false,
298 macos_use_mach_ports: !cfg!(miri),
299 #[cfg(feature = "std")]
300 detect_host_feature: Some(detect_host_feature),
301 #[cfg(not(feature = "std"))]
302 detect_host_feature: None,
303 x86_float_abi_ok: None,
304 shared_memory: false,
305 rr_config: RRConfig::None,
306 };
307 ret.wasm_backtrace_details(WasmBacktraceDetails::Environment);
308 ret
309 }
310
311 #[cfg(any(feature = "cranelift", feature = "winch"))]
has_compiler(&self) -> bool312 pub(crate) fn has_compiler(&self) -> bool {
313 self.compiler_config.is_some()
314 }
315
316 #[track_caller]
317 #[cfg(any(feature = "cranelift", feature = "winch"))]
compiler_config_mut(&mut self) -> &mut CompilerConfig318 fn compiler_config_mut(&mut self) -> &mut CompilerConfig {
319 self.compiler_config.as_mut().expect(
320 "cannot configure compiler settings for `Config`s \
321 created by `Config::without_compiler`",
322 )
323 }
324
325 /// Configure whether Wasm compilation is enabled.
326 ///
327 /// Disabling Wasm compilation will allow you to load and run
328 /// [pre-compiled][crate::Engine::precompile_module] Wasm programs, but not
329 /// to compile and run new Wasm programs that have not already been
330 /// pre-compiled.
331 ///
332 /// Many compilation-related configuration methods will panic if compilation
333 /// has been disabled.
334 ///
335 /// Note that there are two ways to disable Wasm compilation:
336 ///
337 /// 1. Statically, by disabling the `"cranelift"` and `"winch"` cargo
338 /// features when building Wasmtime. These builds of Wasmtime will have
339 /// smaller code size, since they do not include any of the code to
340 /// compile Wasm.
341 ///
342 /// 2. Dynamically, by passing `false` to this method at run-time when
343 /// configuring Wasmtime. The Wasmtime binary will still include the code
344 /// for compiling Wasm, it just won't be executed, so code size is larger
345 /// than with the first approach.
346 ///
347 /// The static approach is better in most cases, however dynamically calling
348 /// `enable_compiler(false)` is useful whenever you create multiple
349 /// `Engine`s in the same process, some of which must be able to compile
350 /// Wasm and some of which should never do so. Tests are a common example of
351 /// such a situation, especially when there are multiple Rust binaries in
352 /// the same cargo workspace, and cargo's feature resolution enables the
353 /// `"cranelift"` or `"winch"` features across the whole workspace.
354 #[cfg(any(feature = "cranelift", feature = "winch"))]
enable_compiler(&mut self, enable: bool) -> &mut Self355 pub fn enable_compiler(&mut self, enable: bool) -> &mut Self {
356 match (enable, &self.compiler_config) {
357 (true, Some(_)) | (false, None) => {}
358 (true, None) => {
359 self.compiler_config = Some(CompilerConfig::default());
360 }
361 (false, Some(_)) => {
362 self.compiler_config = None;
363 }
364 }
365 self
366 }
367
368 /// Configures the target platform of this [`Config`].
369 ///
370 /// This method is used to configure the output of compilation in an
371 /// [`Engine`](crate::Engine). This can be used, for example, to
372 /// cross-compile from one platform to another. By default, the host target
373 /// triple is used meaning compiled code is suitable to run on the host.
374 ///
375 /// Note that the [`Module`](crate::Module) type can only be created if the
376 /// target configured here matches the host. Otherwise if a cross-compile is
377 /// being performed where the host doesn't match the target then
378 /// [`Engine::precompile_module`](crate::Engine::precompile_module) must be
379 /// used instead.
380 ///
381 /// Target-specific flags (such as CPU features) will not be inferred by
382 /// default for the target when one is provided here. This means that this
383 /// can also be used, for example, with the host architecture to disable all
384 /// host-inferred feature flags. Configuring target-specific flags can be
385 /// done with [`Config::cranelift_flag_set`] and
386 /// [`Config::cranelift_flag_enable`].
387 ///
388 /// # Errors
389 ///
390 /// This method will error if the given target triple is not supported.
target(&mut self, target: &str) -> Result<&mut Self>391 pub fn target(&mut self, target: &str) -> Result<&mut Self> {
392 self.target =
393 Some(target_lexicon::Triple::from_str(target).map_err(|e| crate::format_err!(e))?);
394
395 Ok(self)
396 }
397
398 /// Enables the incremental compilation cache in Cranelift, using the provided `CacheStore`
399 /// backend for storage.
400 ///
401 /// # Panics
402 ///
403 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
404 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
enable_incremental_compilation( &mut self, cache_store: Arc<dyn CacheStore>, ) -> Result<&mut Self>405 pub fn enable_incremental_compilation(
406 &mut self,
407 cache_store: Arc<dyn CacheStore>,
408 ) -> Result<&mut Self> {
409 self.compiler_config_mut().cache_store = Some(cache_store);
410 Ok(self)
411 }
412
413 #[doc(hidden)]
414 #[deprecated(note = "no longer has any effect")]
415 #[cfg(feature = "async")]
async_support(&mut self, _enable: bool) -> &mut Self416 pub fn async_support(&mut self, _enable: bool) -> &mut Self {
417 self
418 }
419
420 /// Configures whether DWARF debug information will be emitted
421 /// during compilation for a native debugger on the Wasmtime
422 /// process to consume.
423 ///
424 /// Note that the `debug-builtins` compile-time Cargo feature must also be
425 /// enabled for native debuggers such as GDB or LLDB to be able to debug
426 /// guest WebAssembly programs.
427 ///
428 /// By default this option is `false`.
429 /// **Note** Enabling this option is not compatible with the Winch compiler.
debug_info(&mut self, enable: bool) -> &mut Self430 pub fn debug_info(&mut self, enable: bool) -> &mut Self {
431 self.tunables.debug_native = Some(enable);
432 self
433 }
434
435 /// Configures whether compiled guest code will be instrumented to
436 /// provide debugging at the Wasm VM level.
437 ///
438 /// This is required in order to enable a guest-level debugging
439 /// API that can precisely examine Wasm VM state and (eventually,
440 /// once it is complete) set breakpoints and watchpoints and step
441 /// through code.
442 ///
443 /// Without this enabled, debugging can only be done via a native
444 /// debugger operating on the compiled guest code (see
445 /// [`Config::debug_info`] and is "best-effort": we may be able to
446 /// recover some Wasm locals or operand stack values, but it is
447 /// not guaranteed, even when optimizations are disabled.
448 ///
449 /// When this is enabled, additional instrumentation is inserted
450 /// that directly tracks the Wasm VM state at every step. This has
451 /// some performance impact, but allows perfect debugging
452 /// fidelity.
453 ///
454 /// Breakpoints, watchpoints, and stepping are not yet supported,
455 /// but will be added in a future version of Wasmtime.
456 ///
457 /// This enables use of the [`crate::FrameHandle`] API which is
458 /// provided by [`crate::Caller::debug_exit_frames`] or
459 /// [`crate::Store::debug_exit_frames`].
460 ///
461 /// ***Note*** Enabling this option is not compatible with the
462 /// Winch compiler.
463 #[cfg(feature = "debug")]
guest_debug(&mut self, enable: bool) -> &mut Self464 pub fn guest_debug(&mut self, enable: bool) -> &mut Self {
465 self.tunables.debug_guest = Some(enable);
466 self
467 }
468
469 /// Configures whether [`WasmBacktrace`] will be present in the context of
470 /// errors returned from Wasmtime.
471 ///
472 /// This method is deprecated in favor of
473 /// [`Config::wasm_backtrace_max_frames`]. Calling `wasm_backtrace(false)`
474 /// is equivalent to `wasm_backtrace_max_frames(None)`, and
475 /// `wasm_backtrace(true)` will leave `wasm_backtrace_max_frames` unchanged
476 /// if the value is `Some` and will otherwise restore the default `Some`
477 /// value.
478 ///
479 /// [`WasmBacktrace`]: crate::WasmBacktrace
480 #[deprecated = "use `wasm_backtrace_max_frames` instead"]
wasm_backtrace(&mut self, enable: bool) -> &mut Self481 pub fn wasm_backtrace(&mut self, enable: bool) -> &mut Self {
482 match (enable, self.wasm_backtrace_max_frames) {
483 (false, _) => self.wasm_backtrace_max_frames = None,
484 // Wasm backtraces were disabled; enable them with the
485 // default maximum number of frames to capture.
486 (true, None) => {
487 self.wasm_backtrace_max_frames = Some(DEFAULT_WASM_BACKTRACE_MAX_FRAMES)
488 }
489 // Wasm backtraces are already enabled; keep the existing
490 // max-frames configuration.
491 (true, Some(_)) => {}
492 }
493 self
494 }
495
496 /// Configures whether backtraces in `Trap` will parse debug info in the wasm file to
497 /// have filename/line number information.
498 ///
499 /// When enabled this will causes modules to retain debugging information
500 /// found in wasm binaries. This debug information will be used when a trap
501 /// happens to symbolicate each stack frame and attempt to print a
502 /// filename/line number for each wasm frame in the stack trace.
503 ///
504 /// By default this option is `WasmBacktraceDetails::Environment`, meaning
505 /// that wasm will read `WASMTIME_BACKTRACE_DETAILS` to indicate whether
506 /// details should be parsed. Note that the `std` feature of this crate must
507 /// be active to read environment variables, otherwise this is disabled by
508 /// default.
wasm_backtrace_details(&mut self, enable: WasmBacktraceDetails) -> &mut Self509 pub fn wasm_backtrace_details(&mut self, enable: WasmBacktraceDetails) -> &mut Self {
510 self.wasm_backtrace_details_env_used = false;
511 self.tunables.parse_wasm_debuginfo = match enable {
512 WasmBacktraceDetails::Enable => Some(true),
513 WasmBacktraceDetails::Disable => Some(false),
514 WasmBacktraceDetails::Environment => {
515 #[cfg(feature = "std")]
516 {
517 self.wasm_backtrace_details_env_used = true;
518 std::env::var("WASMTIME_BACKTRACE_DETAILS")
519 .map(|s| Some(s == "1"))
520 .unwrap_or(Some(false))
521 }
522 #[cfg(not(feature = "std"))]
523 {
524 Some(false)
525 }
526 }
527 };
528 self
529 }
530
531 /// Configures the maximum number of WebAssembly frames to collect in
532 /// backtraces.
533 ///
534 /// A backtrace may be collected whenever an error is returned from a host
535 /// function call through to WebAssembly or when WebAssembly itself hits a
536 /// trap condition, such as an out-of-bounds memory access. This flag
537 /// indicates, in these conditions, whether the backtrace is collected or
538 /// not and how many frames should be collected.
539 ///
540 /// Currently wasm backtraces are implemented through frame pointer walking.
541 /// This means that collecting a backtrace is expected to be a fast and
542 /// relatively cheap operation. Additionally backtrace collection is
543 /// suitable in concurrent environments since one thread capturing a
544 /// backtrace won't block other threads.
545 ///
546 /// Collected backtraces are attached via
547 /// [`Error::context`](crate::Error::context) to errors returned from host
548 /// functions. The [`WasmBacktrace`] type can be acquired via
549 /// [`Error::downcast_ref`](crate::Error::downcast_ref) to inspect the
550 /// backtrace. When this option is set to `None` then this context is never
551 /// applied to errors coming out of wasm.
552 ///
553 /// The default value is 20.
554 ///
555 /// [`WasmBacktrace`]: crate::WasmBacktrace
wasm_backtrace_max_frames(&mut self, limit: Option<NonZeroUsize>) -> &mut Self556 pub fn wasm_backtrace_max_frames(&mut self, limit: Option<NonZeroUsize>) -> &mut Self {
557 self.wasm_backtrace_max_frames = limit;
558 self
559 }
560
561 /// Configures whether to generate native unwind information
562 /// (e.g. `.eh_frame` on Linux).
563 ///
564 /// This configuration option only exists to help third-party stack
565 /// capturing mechanisms, such as the system's unwinder or the `backtrace`
566 /// crate, determine how to unwind through Wasm frames. It does not affect
567 /// whether Wasmtime can capture Wasm backtraces or not. The presence of
568 /// [`WasmBacktrace`] is controlled by the
569 /// [`Config::wasm_backtrace_max_frames`] option.
570 ///
571 /// Native unwind information is included:
572 /// - When targeting Windows, since the Windows ABI requires it.
573 /// - By default.
574 ///
575 /// Note that systems loading many modules may wish to disable this
576 /// configuration option instead of leaving it on-by-default. Some platforms
577 /// exhibit quadratic behavior when registering/unregistering unwinding
578 /// information which can greatly slow down the module loading/unloading
579 /// process.
580 ///
581 /// [`WasmBacktrace`]: crate::WasmBacktrace
native_unwind_info(&mut self, enable: bool) -> &mut Self582 pub fn native_unwind_info(&mut self, enable: bool) -> &mut Self {
583 self.native_unwind_info = Some(enable);
584 self
585 }
586
587 /// Configures whether execution of WebAssembly will "consume fuel" to
588 /// either halt or yield execution as desired.
589 ///
590 /// This can be used to deterministically prevent infinitely-executing
591 /// WebAssembly code by instrumenting generated code to consume fuel as it
592 /// executes. When fuel runs out a trap is raised, however [`Store`] can be
593 /// configured to yield execution periodically via
594 /// [`crate::Store::fuel_async_yield_interval`].
595 ///
596 /// Note that a [`Store`] starts with no fuel, so if you enable this option
597 /// you'll have to be sure to pour some fuel into [`Store`] before
598 /// executing some code.
599 ///
600 /// By default this option is `false`.
601 ///
602 /// **Note** Enabling this option is not compatible with the Winch compiler.
603 ///
604 /// [`Store`]: crate::Store
consume_fuel(&mut self, enable: bool) -> &mut Self605 pub fn consume_fuel(&mut self, enable: bool) -> &mut Self {
606 self.tunables.consume_fuel = Some(enable);
607 self
608 }
609
610 /// Configures the fuel cost of each WebAssembly operator.
611 ///
612 /// This is only relevant when [`Config::consume_fuel`] is enabled.
operator_cost(&mut self, cost: OperatorCost) -> &mut Self613 pub fn operator_cost(&mut self, cost: OperatorCost) -> &mut Self {
614 self.tunables.operator_cost = Some(OperatorCostStrategy::table(cost));
615 self
616 }
617
618 /// Enables epoch-based interruption.
619 ///
620 /// When executing code in async mode, we sometimes want to
621 /// implement a form of cooperative timeslicing: long-running Wasm
622 /// guest code should periodically yield to the executor
623 /// loop. This yielding could be implemented by using "fuel" (see
624 /// [`consume_fuel`](Config::consume_fuel)). However, fuel
625 /// instrumentation is somewhat expensive: it modifies the
626 /// compiled form of the Wasm code so that it maintains a precise
627 /// instruction count, frequently checking this count against the
628 /// remaining fuel. If one does not need this precise count or
629 /// deterministic interruptions, and only needs a periodic
630 /// interrupt of some form, then It would be better to have a more
631 /// lightweight mechanism.
632 ///
633 /// Epoch-based interruption is that mechanism. There is a global
634 /// "epoch", which is a counter that divides time into arbitrary
635 /// periods (or epochs). This counter lives on the
636 /// [`Engine`](crate::Engine) and can be incremented by calling
637 /// [`Engine::increment_epoch`](crate::Engine::increment_epoch).
638 /// Epoch-based instrumentation works by setting a "deadline
639 /// epoch". The compiled code knows the deadline, and at certain
640 /// points, checks the current epoch against that deadline. It
641 /// will yield if the deadline has been reached.
642 ///
643 /// The idea is that checking an infrequently-changing counter is
644 /// cheaper than counting and frequently storing a precise metric
645 /// (instructions executed) locally. The interruptions are not
646 /// deterministic, but if the embedder increments the epoch in a
647 /// periodic way (say, every regular timer tick by a thread or
648 /// signal handler), then we can ensure that all async code will
649 /// yield to the executor within a bounded time.
650 ///
651 /// The deadline check cannot be avoided by malicious wasm code. It is safe
652 /// to use epoch deadlines to limit the execution time of untrusted
653 /// code.
654 ///
655 /// The [`Store`](crate::Store) tracks the deadline, and controls
656 /// what happens when the deadline is reached during
657 /// execution. Several behaviors are possible:
658 ///
659 /// - Trap if code is executing when the epoch deadline is
660 /// met. See
661 /// [`Store::epoch_deadline_trap`](crate::Store::epoch_deadline_trap).
662 ///
663 /// - Call an arbitrary function. This function may chose to trap or
664 /// increment the epoch. See
665 /// [`Store::epoch_deadline_callback`](crate::Store::epoch_deadline_callback).
666 ///
667 /// - Yield to the executor loop, then resume when the future is
668 /// next polled. See
669 /// [`Store::epoch_deadline_async_yield_and_update`](crate::Store::epoch_deadline_async_yield_and_update).
670 ///
671 /// Trapping is the default. The yielding behaviour may be used for
672 /// the timeslicing behavior described above.
673 ///
674 /// This feature is available with or without async support.
675 /// However, without async support, the timeslicing behaviour is
676 /// not available. This means epoch-based interruption can only
677 /// serve as a simple external-interruption mechanism.
678 ///
679 /// An initial deadline must be set before executing code by calling
680 /// [`Store::set_epoch_deadline`](crate::Store::set_epoch_deadline). If this
681 /// deadline is not configured then wasm will immediately trap.
682 ///
683 /// ## Interaction with blocking host calls
684 ///
685 /// Epochs (and fuel) do not assist in handling WebAssembly code blocked in
686 /// a call to the host. For example if the WebAssembly function calls
687 /// `wasi:io/poll.poll` to sleep epochs will not assist in waking this up or
688 /// timing it out. Epochs intentionally only affect running WebAssembly code
689 /// itself and it's left to the embedder to determine how best to wake up
690 /// indefinitely blocking code in the host.
691 ///
692 /// The typical solution for this, however, is to use the `async` variant of
693 /// WASI host functions. This models computation as a Rust `Future` which
694 /// means that when blocking happens the future is only suspended and
695 /// control yields back to the main event loop. This gives the embedder the
696 /// opportunity to use `tokio::time::timeout` for example on a wasm
697 /// computation and have the desired effect of cancelling a blocking
698 /// operation when a timeout expires.
699 ///
700 /// ## When to use fuel vs. epochs
701 ///
702 /// In general, epoch-based interruption results in faster
703 /// execution. This difference is sometimes significant: in some
704 /// measurements, up to 2-3x. This is because epoch-based
705 /// interruption does less work: it only watches for a global
706 /// rarely-changing counter to increment, rather than keeping a
707 /// local frequently-changing counter and comparing it to a
708 /// deadline.
709 ///
710 /// Fuel, in contrast, should be used when *deterministic*
711 /// yielding or trapping is needed. For example, if it is required
712 /// that the same function call with the same starting state will
713 /// always either complete or trap with an out-of-fuel error,
714 /// deterministically, then fuel with a fixed bound should be
715 /// used.
716 ///
717 /// **Note** Enabling this option is not compatible with the Winch compiler.
718 ///
719 /// # See Also
720 ///
721 /// - [`Engine::increment_epoch`](crate::Engine::increment_epoch)
722 /// - [`Store::set_epoch_deadline`](crate::Store::set_epoch_deadline)
723 /// - [`Store::epoch_deadline_trap`](crate::Store::epoch_deadline_trap)
724 /// - [`Store::epoch_deadline_callback`](crate::Store::epoch_deadline_callback)
725 /// - [`Store::epoch_deadline_async_yield_and_update`](crate::Store::epoch_deadline_async_yield_and_update)
epoch_interruption(&mut self, enable: bool) -> &mut Self726 pub fn epoch_interruption(&mut self, enable: bool) -> &mut Self {
727 self.tunables.epoch_interruption = Some(enable);
728 self
729 }
730
731 /// Configures the maximum amount of stack space available for
732 /// executing WebAssembly code.
733 ///
734 /// WebAssembly has well-defined semantics on stack overflow. This is
735 /// intended to be a knob which can help configure how much stack space
736 /// wasm execution is allowed to consume. Note that the number here is not
737 /// super-precise, but rather wasm will take at most "pretty close to this
738 /// much" stack space.
739 ///
740 /// If a wasm call (or series of nested wasm calls) take more stack space
741 /// than the `size` specified then a stack overflow trap will be raised.
742 ///
743 /// Caveat: this knob only limits the stack space consumed by wasm code.
744 /// More importantly, it does not ensure that this much stack space is
745 /// available on the calling thread stack. Exhausting the thread stack
746 /// typically leads to an **abort** of the process.
747 ///
748 /// Here are some examples of how that could happen:
749 ///
750 /// - Let's assume this option is set to 2 MiB and then a thread that has
751 /// a stack with 512 KiB left.
752 ///
753 /// If wasm code consumes more than 512 KiB then the process will be aborted.
754 ///
755 /// - Assuming the same conditions, but this time wasm code does not consume
756 /// any stack but calls into a host function. The host function consumes
757 /// more than 512 KiB of stack space. The process will be aborted.
758 ///
759 /// There's another gotcha related to recursive calling into wasm: the stack
760 /// space consumed by a host function is counted towards this limit. The
761 /// host functions are not prevented from consuming more than this limit.
762 /// However, if the host function that used more than this limit and called
763 /// back into wasm, then the execution will trap immediately because of
764 /// stack overflow.
765 ///
766 /// When the `async` feature is enabled, this value cannot exceed the
767 /// `async_stack_size` option. Be careful not to set this value too close
768 /// to `async_stack_size` as doing so may limit how much stack space
769 /// is available for host functions.
770 ///
771 /// By default this option is 512 KiB.
772 ///
773 /// # Errors
774 ///
775 /// The `Engine::new` method will fail if the `size` specified here is
776 /// either 0 or larger than the [`Config::async_stack_size`] configuration.
max_wasm_stack(&mut self, size: usize) -> &mut Self777 pub fn max_wasm_stack(&mut self, size: usize) -> &mut Self {
778 self.max_wasm_stack = size;
779 self
780 }
781
782 /// Configures the size of the stacks used for asynchronous execution.
783 ///
784 /// This setting configures the size of the stacks that are allocated for
785 /// asynchronous execution. The value cannot be less than `max_wasm_stack`.
786 ///
787 /// The amount of stack space guaranteed for host functions is
788 /// `async_stack_size - max_wasm_stack`, so take care not to set these two values
789 /// close to one another; doing so may cause host functions to overflow the
790 /// stack and abort the process.
791 ///
792 /// By default this option is 2 MiB.
793 ///
794 /// # Errors
795 ///
796 /// The `Engine::new` method will fail if the value for this option is
797 /// smaller than the [`Config::max_wasm_stack`] option.
798 #[cfg(any(feature = "async", feature = "stack-switching"))]
async_stack_size(&mut self, size: usize) -> &mut Self799 pub fn async_stack_size(&mut self, size: usize) -> &mut Self {
800 self.async_stack_size = size;
801 self
802 }
803
804 /// Configures whether or not stacks used for async futures are zeroed
805 /// before (re)use.
806 ///
807 /// When the [`call_async`] variant of calling WebAssembly is used
808 /// then Wasmtime will create a separate runtime execution stack for each
809 /// future produced by [`call_async`]. By default upon allocation, depending
810 /// on the platform, these stacks might be filled with uninitialized
811 /// memory. This is safe and correct because, modulo bugs in Wasmtime,
812 /// compiled Wasm code will never read from a stack slot before it
813 /// initializes the stack slot.
814 ///
815 /// However, as a defense-in-depth mechanism, you may configure Wasmtime to
816 /// ensure that these stacks are zeroed before they are used. Notably, if
817 /// you are using the pooling allocator, stacks can be pooled and reused
818 /// across different Wasm guests; ensuring that stacks are zeroed can
819 /// prevent data leakage between Wasm guests even in the face of potential
820 /// read-of-stack-slot-before-initialization bugs in Wasmtime's compiler.
821 ///
822 /// Stack zeroing can be a costly operation in highly concurrent
823 /// environments due to modifications of the virtual address space requiring
824 /// process-wide synchronization. It can also be costly in `no-std`
825 /// environments that must manually zero memory, and cannot rely on an OS
826 /// and virtual memory to provide zeroed pages.
827 ///
828 /// This option defaults to `false`.
829 ///
830 /// [`call_async`]: crate::TypedFunc::call_async
831 #[cfg(feature = "async")]
async_stack_zeroing(&mut self, enable: bool) -> &mut Self832 pub fn async_stack_zeroing(&mut self, enable: bool) -> &mut Self {
833 self.async_stack_zeroing = enable;
834 self
835 }
836
837 /// Explicitly enables (and un-disables) a given set of [`WasmFeatures`].
838 ///
839 /// Note: this is a low-level method that does not necessarily imply that
840 /// wasmtime _supports_ a feature. It should only be used to _disable_
841 /// features that callers want to be rejected by the parser or _enable_
842 /// features callers are certain that the current configuration of wasmtime
843 /// supports.
844 ///
845 /// Feature validation is deferred until an engine is being built, thus by
846 /// enabling features here a caller may cause
847 /// [`Engine::new`](crate::Engine::new) to fail later, if the feature
848 /// configuration isn't supported.
wasm_features(&mut self, flag: WasmFeatures, enable: bool) -> &mut Self849 pub fn wasm_features(&mut self, flag: WasmFeatures, enable: bool) -> &mut Self {
850 self.enabled_features.set(flag, enable);
851 self.disabled_features.set(flag, !enable);
852 self
853 }
854
855 /// Configures whether the WebAssembly tail calls proposal will be enabled
856 /// for compilation or not.
857 ///
858 /// The [WebAssembly tail calls proposal] introduces the `return_call` and
859 /// `return_call_indirect` instructions. These instructions allow for Wasm
860 /// programs to implement some recursive algorithms with *O(1)* stack space
861 /// usage.
862 ///
863 /// This is `true` by default except when the Winch compiler is enabled.
864 ///
865 /// [WebAssembly tail calls proposal]: https://github.com/WebAssembly/tail-call
wasm_tail_call(&mut self, enable: bool) -> &mut Self866 pub fn wasm_tail_call(&mut self, enable: bool) -> &mut Self {
867 self.wasm_features(WasmFeatures::TAIL_CALL, enable);
868 self
869 }
870
871 /// Configures whether the WebAssembly custom-page-sizes proposal will be
872 /// enabled for compilation or not.
873 ///
874 /// The [WebAssembly custom-page-sizes proposal] allows a memory to
875 /// customize its page sizes. By default, Wasm page sizes are 64KiB
876 /// large. This proposal allows the memory to opt into smaller page sizes
877 /// instead, allowing Wasm to run in environments with less than 64KiB RAM
878 /// available, for example.
879 ///
880 /// Note that the page size is part of the memory's type, and because
881 /// different memories may have different types, they may also have
882 /// different page sizes.
883 ///
884 /// Currently the only valid page sizes are 64KiB (the default) and 1
885 /// byte. Future extensions may relax this constraint and allow all powers
886 /// of two.
887 ///
888 /// Support for this proposal is disabled by default.
889 ///
890 /// [WebAssembly custom-page-sizes proposal]: https://github.com/WebAssembly/custom-page-sizes
wasm_custom_page_sizes(&mut self, enable: bool) -> &mut Self891 pub fn wasm_custom_page_sizes(&mut self, enable: bool) -> &mut Self {
892 self.wasm_features(WasmFeatures::CUSTOM_PAGE_SIZES, enable);
893 self
894 }
895
896 /// Configures whether the WebAssembly [threads] proposal will be enabled
897 /// for compilation.
898 ///
899 /// This feature gates items such as shared memories and atomic
900 /// instructions. Note that the threads feature depends on the bulk memory
901 /// feature, which is enabled by default. Additionally note that while the
902 /// wasm feature is called "threads" it does not actually include the
903 /// ability to spawn threads. Spawning threads is part of the [wasi-threads]
904 /// proposal which is a separately gated feature in Wasmtime.
905 ///
906 /// Embeddings of Wasmtime are able to build their own custom threading
907 /// scheme on top of the core wasm threads proposal, however.
908 ///
909 /// The default value for this option is whether the `threads`
910 /// crate feature of Wasmtime is enabled or not. By default this crate
911 /// feature is enabled.
912 ///
913 /// [threads]: https://github.com/webassembly/threads
914 /// [wasi-threads]: https://github.com/webassembly/wasi-threads
915 #[cfg(feature = "threads")]
wasm_threads(&mut self, enable: bool) -> &mut Self916 pub fn wasm_threads(&mut self, enable: bool) -> &mut Self {
917 self.wasm_features(WasmFeatures::THREADS, enable);
918 self
919 }
920
921 /// Configures whether the WebAssembly [shared-everything-threads] proposal
922 /// will be enabled for compilation.
923 ///
924 /// This feature gates extended use of the `shared` attribute on items other
925 /// than memories, extra atomic instructions, and new component model
926 /// intrinsics for spawning threads. It depends on the
927 /// [`wasm_threads`][Self::wasm_threads] being enabled.
928 ///
929 /// [shared-everything-threads]:
930 /// https://github.com/webassembly/shared-everything-threads
wasm_shared_everything_threads(&mut self, enable: bool) -> &mut Self931 pub fn wasm_shared_everything_threads(&mut self, enable: bool) -> &mut Self {
932 self.wasm_features(WasmFeatures::SHARED_EVERYTHING_THREADS, enable);
933 self
934 }
935
936 /// Configures whether the [WebAssembly reference types proposal][proposal]
937 /// will be enabled for compilation.
938 ///
939 /// This feature gates items such as the `externref` and `funcref` types as
940 /// well as allowing a module to define multiple tables.
941 ///
942 /// Note that the reference types proposal depends on the bulk memory proposal.
943 ///
944 /// This feature is `true` by default.
945 ///
946 /// # Errors
947 ///
948 /// The validation of this feature are deferred until the engine is being built,
949 /// and thus may cause `Engine::new` fail if the `bulk_memory` feature is disabled.
950 ///
951 /// [proposal]: https://github.com/webassembly/reference-types
952 #[cfg(feature = "gc")]
wasm_reference_types(&mut self, enable: bool) -> &mut Self953 pub fn wasm_reference_types(&mut self, enable: bool) -> &mut Self {
954 self.wasm_features(WasmFeatures::REFERENCE_TYPES, enable);
955 self
956 }
957
958 /// Configures whether the [WebAssembly function references
959 /// proposal][proposal] will be enabled for compilation.
960 ///
961 /// This feature gates non-nullable reference types, function reference
962 /// types, `call_ref`, `ref.func`, and non-nullable reference related
963 /// instructions.
964 ///
965 /// Note that the function references proposal depends on the reference
966 /// types proposal.
967 ///
968 /// This feature is `false` by default.
969 ///
970 /// [proposal]: https://github.com/WebAssembly/function-references
971 #[cfg(feature = "gc")]
wasm_function_references(&mut self, enable: bool) -> &mut Self972 pub fn wasm_function_references(&mut self, enable: bool) -> &mut Self {
973 self.wasm_features(WasmFeatures::FUNCTION_REFERENCES, enable);
974 self
975 }
976
977 /// Configures whether the [WebAssembly wide-arithmetic][proposal] will be
978 /// enabled for compilation.
979 ///
980 /// This feature is `false` by default.
981 ///
982 /// [proposal]: https://github.com/WebAssembly/wide-arithmetic
wasm_wide_arithmetic(&mut self, enable: bool) -> &mut Self983 pub fn wasm_wide_arithmetic(&mut self, enable: bool) -> &mut Self {
984 self.wasm_features(WasmFeatures::WIDE_ARITHMETIC, enable);
985 self
986 }
987
988 /// Configures whether the [WebAssembly Garbage Collection
989 /// proposal][proposal] will be enabled for compilation.
990 ///
991 /// This feature gates `struct` and `array` type definitions and references,
992 /// the `i31ref` type, and all related instructions.
993 ///
994 /// Note that the function references proposal depends on the typed function
995 /// references proposal.
996 ///
997 /// This feature is `false` by default.
998 ///
999 /// **Warning: Wasmtime's implementation of the GC proposal is still in
1000 /// progress and generally not ready for primetime.**
1001 ///
1002 /// [proposal]: https://github.com/WebAssembly/gc
1003 #[cfg(feature = "gc")]
wasm_gc(&mut self, enable: bool) -> &mut Self1004 pub fn wasm_gc(&mut self, enable: bool) -> &mut Self {
1005 self.wasm_features(WasmFeatures::GC, enable);
1006 self
1007 }
1008
1009 /// Configures whether the WebAssembly SIMD proposal will be
1010 /// enabled for compilation.
1011 ///
1012 /// The [WebAssembly SIMD proposal][proposal]. This feature gates items such
1013 /// as the `v128` type and all of its operators being in a module. Note that
1014 /// this does not enable the [relaxed simd proposal].
1015 ///
1016 /// **Note**
1017 ///
1018 /// On x86_64 platforms the base CPU feature requirement for SIMD
1019 /// is SSE2 for the Cranelift compiler and AVX for the Winch compiler.
1020 ///
1021 /// This is `true` by default.
1022 ///
1023 /// [proposal]: https://github.com/webassembly/simd
1024 /// [relaxed simd proposal]: https://github.com/WebAssembly/relaxed-simd
wasm_simd(&mut self, enable: bool) -> &mut Self1025 pub fn wasm_simd(&mut self, enable: bool) -> &mut Self {
1026 self.wasm_features(WasmFeatures::SIMD, enable);
1027 self
1028 }
1029
1030 /// Configures whether the WebAssembly Relaxed SIMD proposal will be
1031 /// enabled for compilation.
1032 ///
1033 /// The relaxed SIMD proposal adds new instructions to WebAssembly which,
1034 /// for some specific inputs, are allowed to produce different results on
1035 /// different hosts. More-or-less this proposal enables exposing
1036 /// platform-specific semantics of SIMD instructions in a controlled
1037 /// fashion to a WebAssembly program. From an embedder's perspective this
1038 /// means that WebAssembly programs may execute differently depending on
1039 /// whether the host is x86_64 or AArch64, for example.
1040 ///
1041 /// By default Wasmtime lowers relaxed SIMD instructions to the fastest
1042 /// lowering for the platform it's running on. This means that, by default,
1043 /// some relaxed SIMD instructions may have different results for the same
1044 /// inputs across x86_64 and AArch64. This behavior can be disabled through
1045 /// the [`Config::relaxed_simd_deterministic`] option which will force
1046 /// deterministic behavior across all platforms, as classified by the
1047 /// specification, at the cost of performance.
1048 ///
1049 /// This is `true` by default.
1050 ///
1051 /// [proposal]: https://github.com/webassembly/relaxed-simd
wasm_relaxed_simd(&mut self, enable: bool) -> &mut Self1052 pub fn wasm_relaxed_simd(&mut self, enable: bool) -> &mut Self {
1053 self.wasm_features(WasmFeatures::RELAXED_SIMD, enable);
1054 self
1055 }
1056
1057 /// This option can be used to control the behavior of the [relaxed SIMD
1058 /// proposal's][proposal] instructions.
1059 ///
1060 /// The relaxed SIMD proposal introduces instructions that are allowed to
1061 /// have different behavior on different architectures, primarily to afford
1062 /// an efficient implementation on all architectures. This means, however,
1063 /// that the same module may execute differently on one host than another,
1064 /// which typically is not otherwise the case. This option is provided to
1065 /// force Wasmtime to generate deterministic code for all relaxed simd
1066 /// instructions, at the cost of performance, for all architectures. When
1067 /// this option is enabled then the deterministic behavior of all
1068 /// instructions in the relaxed SIMD proposal is selected.
1069 ///
1070 /// This is `false` by default.
1071 ///
1072 /// [proposal]: https://github.com/webassembly/relaxed-simd
relaxed_simd_deterministic(&mut self, enable: bool) -> &mut Self1073 pub fn relaxed_simd_deterministic(&mut self, enable: bool) -> &mut Self {
1074 self.tunables.relaxed_simd_deterministic = Some(enable);
1075 self
1076 }
1077
1078 /// Configures whether the [WebAssembly bulk memory operations
1079 /// proposal][proposal] will be enabled for compilation.
1080 ///
1081 /// This feature gates items such as the `memory.copy` instruction, passive
1082 /// data/table segments, etc, being in a module.
1083 ///
1084 /// This is `true` by default.
1085 ///
1086 /// Feature `reference_types`, which is also `true` by default, requires
1087 /// this feature to be enabled. Thus disabling this feature must also disable
1088 /// `reference_types` as well using [`wasm_reference_types`](crate::Config::wasm_reference_types).
1089 ///
1090 /// # Errors
1091 ///
1092 /// Disabling this feature without disabling `reference_types` will cause
1093 /// `Engine::new` to fail.
1094 ///
1095 /// [proposal]: https://github.com/webassembly/bulk-memory-operations
wasm_bulk_memory(&mut self, enable: bool) -> &mut Self1096 pub fn wasm_bulk_memory(&mut self, enable: bool) -> &mut Self {
1097 self.wasm_features(WasmFeatures::BULK_MEMORY, enable);
1098 self
1099 }
1100
1101 /// Configures whether the WebAssembly multi-value [proposal] will
1102 /// be enabled for compilation.
1103 ///
1104 /// This feature gates functions and blocks returning multiple values in a
1105 /// module, for example.
1106 ///
1107 /// This is `true` by default.
1108 ///
1109 /// [proposal]: https://github.com/webassembly/multi-value
wasm_multi_value(&mut self, enable: bool) -> &mut Self1110 pub fn wasm_multi_value(&mut self, enable: bool) -> &mut Self {
1111 self.wasm_features(WasmFeatures::MULTI_VALUE, enable);
1112 self
1113 }
1114
1115 /// Configures whether the WebAssembly multi-memory [proposal] will
1116 /// be enabled for compilation.
1117 ///
1118 /// This feature gates modules having more than one linear memory
1119 /// declaration or import.
1120 ///
1121 /// This is `true` by default.
1122 ///
1123 /// [proposal]: https://github.com/webassembly/multi-memory
wasm_multi_memory(&mut self, enable: bool) -> &mut Self1124 pub fn wasm_multi_memory(&mut self, enable: bool) -> &mut Self {
1125 self.wasm_features(WasmFeatures::MULTI_MEMORY, enable);
1126 self
1127 }
1128
1129 /// Configures whether the WebAssembly memory64 [proposal] will
1130 /// be enabled for compilation.
1131 ///
1132 /// Note that this the upstream specification is not finalized and Wasmtime
1133 /// may also have bugs for this feature since it hasn't been exercised
1134 /// much.
1135 ///
1136 /// This is `false` by default.
1137 ///
1138 /// [proposal]: https://github.com/webassembly/memory64
wasm_memory64(&mut self, enable: bool) -> &mut Self1139 pub fn wasm_memory64(&mut self, enable: bool) -> &mut Self {
1140 self.wasm_features(WasmFeatures::MEMORY64, enable);
1141 self
1142 }
1143
1144 /// Configures whether the WebAssembly extended-const [proposal] will
1145 /// be enabled for compilation.
1146 ///
1147 /// This is `true` by default.
1148 ///
1149 /// [proposal]: https://github.com/webassembly/extended-const
wasm_extended_const(&mut self, enable: bool) -> &mut Self1150 pub fn wasm_extended_const(&mut self, enable: bool) -> &mut Self {
1151 self.wasm_features(WasmFeatures::EXTENDED_CONST, enable);
1152 self
1153 }
1154
1155 /// Configures whether the [WebAssembly stack switching
1156 /// proposal][proposal] will be enabled for compilation.
1157 ///
1158 /// This feature gates the use of control tags.
1159 ///
1160 /// This feature depends on the `function_reference_types` and
1161 /// `exceptions` features.
1162 ///
1163 /// This feature is `false` by default.
1164 ///
1165 /// # Errors
1166 ///
1167 /// [proposal]: https://github.com/webassembly/stack-switching
wasm_stack_switching(&mut self, enable: bool) -> &mut Self1168 pub fn wasm_stack_switching(&mut self, enable: bool) -> &mut Self {
1169 self.wasm_features(WasmFeatures::STACK_SWITCHING, enable);
1170 self
1171 }
1172
1173 /// Configures whether the WebAssembly component-model [proposal] will
1174 /// be enabled for compilation.
1175 ///
1176 /// This flag can be used to blanket disable all components within Wasmtime.
1177 /// Otherwise usage of components requires statically using
1178 /// [`Component`](crate::component::Component) instead of
1179 /// [`Module`](crate::Module) for example anyway.
1180 ///
1181 /// The default value for this option is whether the `component-model`
1182 /// crate feature of Wasmtime is enabled or not. By default this crate
1183 /// feature is enabled.
1184 ///
1185 /// [proposal]: https://github.com/webassembly/component-model
1186 #[cfg(feature = "component-model")]
wasm_component_model(&mut self, enable: bool) -> &mut Self1187 pub fn wasm_component_model(&mut self, enable: bool) -> &mut Self {
1188 self.wasm_features(WasmFeatures::COMPONENT_MODEL, enable);
1189 self
1190 }
1191
1192 /// Configures whether components support the async ABI [proposal] for
1193 /// lifting and lowering functions, as well as `stream`, `future`, and
1194 /// `error-context` types.
1195 ///
1196 /// Please note that Wasmtime's support for this feature is _very_
1197 /// incomplete.
1198 ///
1199 /// [proposal]:
1200 /// https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1201 #[cfg(feature = "component-model-async")]
wasm_component_model_async(&mut self, enable: bool) -> &mut Self1202 pub fn wasm_component_model_async(&mut self, enable: bool) -> &mut Self {
1203 self.wasm_features(WasmFeatures::CM_ASYNC, enable);
1204 self
1205 }
1206
1207 /// This corresponds to the �� emoji in the component model specification.
1208 ///
1209 /// Please note that Wasmtime's support for this feature is _very_
1210 /// incomplete.
1211 ///
1212 /// [proposal]:
1213 /// https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1214 #[cfg(feature = "component-model-async")]
wasm_component_model_async_builtins(&mut self, enable: bool) -> &mut Self1215 pub fn wasm_component_model_async_builtins(&mut self, enable: bool) -> &mut Self {
1216 self.wasm_features(WasmFeatures::CM_ASYNC_BUILTINS, enable);
1217 self
1218 }
1219
1220 /// This corresponds to the �� emoji in the component model specification.
1221 ///
1222 /// Please note that Wasmtime's support for this feature is _very_
1223 /// incomplete.
1224 ///
1225 /// [proposal]: https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1226 #[cfg(feature = "component-model-async")]
wasm_component_model_async_stackful(&mut self, enable: bool) -> &mut Self1227 pub fn wasm_component_model_async_stackful(&mut self, enable: bool) -> &mut Self {
1228 self.wasm_features(WasmFeatures::CM_ASYNC_STACKFUL, enable);
1229 self
1230 }
1231
1232 /// This corresponds to the �� emoji in the component model specification.
1233 ///
1234 /// Please note that Wasmtime's support for this feature is _very_
1235 /// incomplete.
1236 ///
1237 /// [proposal]:
1238 /// https://github.com/WebAssembly/component-model/pull/557
1239 #[cfg(feature = "component-model-async")]
wasm_component_model_threading(&mut self, enable: bool) -> &mut Self1240 pub fn wasm_component_model_threading(&mut self, enable: bool) -> &mut Self {
1241 self.wasm_features(WasmFeatures::CM_THREADING, enable);
1242 self
1243 }
1244
1245 /// This corresponds to the �� emoji in the component model specification.
1246 ///
1247 /// Please note that Wasmtime's support for this feature is _very_
1248 /// incomplete.
1249 ///
1250 /// [proposal]: https://github.com/WebAssembly/component-model/blob/main/design/mvp/Concurrency.md
1251 #[cfg(feature = "component-model")]
wasm_component_model_error_context(&mut self, enable: bool) -> &mut Self1252 pub fn wasm_component_model_error_context(&mut self, enable: bool) -> &mut Self {
1253 self.wasm_features(WasmFeatures::CM_ERROR_CONTEXT, enable);
1254 self
1255 }
1256
1257 /// Configures whether the [GC extension to the component-model
1258 /// proposal][proposal] is enabled or not.
1259 ///
1260 /// This corresponds to the �� emoji in the component model specification.
1261 ///
1262 /// Please note that Wasmtime's support for this feature is _very_
1263 /// incomplete.
1264 ///
1265 /// [proposal]: https://github.com/WebAssembly/component-model/issues/525
1266 #[cfg(feature = "component-model")]
wasm_component_model_gc(&mut self, enable: bool) -> &mut Self1267 pub fn wasm_component_model_gc(&mut self, enable: bool) -> &mut Self {
1268 self.wasm_features(WasmFeatures::CM_GC, enable);
1269 self
1270 }
1271
1272 /// Configures whether the component model map type is enabled or not.
1273 ///
1274 /// This is part of the component model specification and enables the
1275 /// `map<k, v>` type in WIT and the component binary format.
1276 #[cfg(feature = "component-model")]
wasm_component_model_map(&mut self, enable: bool) -> &mut Self1277 pub fn wasm_component_model_map(&mut self, enable: bool) -> &mut Self {
1278 self.wasm_features(WasmFeatures::CM_MAP, enable);
1279 self
1280 }
1281
1282 /// This corresponds to the �� emoji in the component model specification.
1283 ///
1284 /// Please note that Wasmtime's support for this feature is _very_
1285 /// incomplete.
1286 #[cfg(feature = "component-model")]
wasm_component_model_fixed_length_lists(&mut self, enable: bool) -> &mut Self1287 pub fn wasm_component_model_fixed_length_lists(&mut self, enable: bool) -> &mut Self {
1288 self.wasm_features(WasmFeatures::CM_FIXED_LENGTH_LISTS, enable);
1289 self
1290 }
1291
1292 /// Configures whether the [Exception-handling proposal][proposal] is enabled or not.
1293 ///
1294 /// [proposal]: https://github.com/WebAssembly/exception-handling
1295 #[cfg(feature = "gc")]
wasm_exceptions(&mut self, enable: bool) -> &mut Self1296 pub fn wasm_exceptions(&mut self, enable: bool) -> &mut Self {
1297 self.wasm_features(WasmFeatures::EXCEPTIONS, enable);
1298 self
1299 }
1300
1301 #[doc(hidden)] // FIXME(#3427) - if/when implemented then un-hide this
1302 #[deprecated = "This configuration option only exists for internal \
1303 usage with the spec testsuite. It may be removed at \
1304 any time and without warning. Do not rely on it!"]
wasm_legacy_exceptions(&mut self, enable: bool) -> &mut Self1305 pub fn wasm_legacy_exceptions(&mut self, enable: bool) -> &mut Self {
1306 self.wasm_features(WasmFeatures::LEGACY_EXCEPTIONS, enable);
1307 self
1308 }
1309
1310 /// Configures which compilation strategy will be used for wasm modules.
1311 ///
1312 /// This method can be used to configure which compiler is used for wasm
1313 /// modules, and for more documentation consult the [`Strategy`] enumeration
1314 /// and its documentation.
1315 ///
1316 /// The default value for this is `Strategy::Auto`.
1317 ///
1318 /// # Panics
1319 ///
1320 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1321 #[cfg(any(feature = "cranelift", feature = "winch"))]
strategy(&mut self, strategy: Strategy) -> &mut Self1322 pub fn strategy(&mut self, strategy: Strategy) -> &mut Self {
1323 self.compiler_config_mut().strategy = strategy.not_auto();
1324 self
1325 }
1326
1327 /// Configures which garbage collector will be used for Wasm modules.
1328 ///
1329 /// This method can be used to configure which garbage collector
1330 /// implementation is used for Wasm modules. For more documentation, consult
1331 /// the [`Collector`] enumeration and its documentation.
1332 ///
1333 /// The default value for this is `Collector::Auto`.
1334 #[cfg(feature = "gc")]
collector(&mut self, collector: Collector) -> &mut Self1335 pub fn collector(&mut self, collector: Collector) -> &mut Self {
1336 self.collector = collector;
1337 self
1338 }
1339
1340 /// Creates a default profiler based on the profiling strategy chosen.
1341 ///
1342 /// Profiler creation calls the type's default initializer where the purpose is
1343 /// really just to put in place the type used for profiling.
1344 ///
1345 /// Some [`ProfilingStrategy`] require specific platforms or particular feature
1346 /// to be enabled, such as `ProfilingStrategy::JitDump` requires the `jitdump`
1347 /// feature.
1348 ///
1349 /// # Errors
1350 ///
1351 /// The validation of this field is deferred until the engine is being built, and thus may
1352 /// cause `Engine::new` fail if the required feature is disabled, or the platform is not
1353 /// supported.
profiler(&mut self, profile: ProfilingStrategy) -> &mut Self1354 pub fn profiler(&mut self, profile: ProfilingStrategy) -> &mut Self {
1355 self.profiling_strategy = profile;
1356 self
1357 }
1358
1359 /// Configures whether the debug verifier of Cranelift is enabled or not.
1360 ///
1361 /// When Cranelift is used as a code generation backend this will configure
1362 /// it to have the `enable_verifier` flag which will enable a number of debug
1363 /// checks inside of Cranelift. This is largely only useful for the
1364 /// developers of wasmtime itself.
1365 ///
1366 /// The default value for this is `false`
1367 ///
1368 /// # Panics
1369 ///
1370 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1371 #[cfg(any(feature = "cranelift", feature = "winch"))]
cranelift_debug_verifier(&mut self, enable: bool) -> &mut Self1372 pub fn cranelift_debug_verifier(&mut self, enable: bool) -> &mut Self {
1373 let val = if enable { "true" } else { "false" };
1374 self.compiler_config_mut()
1375 .settings
1376 .insert("enable_verifier".to_string(), val.to_string());
1377 self
1378 }
1379
1380 /// Configures whether extra debug checks are inserted into
1381 /// Wasmtime-generated code by Cranelift.
1382 ///
1383 /// The default value for this is `false`
1384 ///
1385 /// # Panics
1386 ///
1387 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1388 #[cfg(any(feature = "cranelift", feature = "winch"))]
cranelift_wasmtime_debug_checks(&mut self, enable: bool) -> &mut Self1389 pub fn cranelift_wasmtime_debug_checks(&mut self, enable: bool) -> &mut Self {
1390 unsafe { self.cranelift_flag_set("wasmtime_debug_checks", &enable.to_string()) }
1391 }
1392
1393 /// Configures the Cranelift code generator optimization level.
1394 ///
1395 /// When the Cranelift code generator is used you can configure the
1396 /// optimization level used for generated code in a few various ways. For
1397 /// more information see the documentation of [`OptLevel`].
1398 ///
1399 /// The default value for this is `OptLevel::Speed`.
1400 ///
1401 /// # Panics
1402 ///
1403 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1404 #[cfg(any(feature = "cranelift", feature = "winch"))]
cranelift_opt_level(&mut self, level: OptLevel) -> &mut Self1405 pub fn cranelift_opt_level(&mut self, level: OptLevel) -> &mut Self {
1406 let val = match level {
1407 OptLevel::None => "none",
1408 OptLevel::Speed => "speed",
1409 OptLevel::SpeedAndSize => "speed_and_size",
1410 };
1411 self.compiler_config_mut()
1412 .settings
1413 .insert("opt_level".to_string(), val.to_string());
1414 self
1415 }
1416
1417 /// Configures the regalloc algorithm used by the Cranelift code generator.
1418 ///
1419 /// Cranelift can select any of several register allocator algorithms. Each
1420 /// of these algorithms generates correct code, but they represent different
1421 /// tradeoffs between compile speed (how expensive the compilation process
1422 /// is) and run-time speed (how fast the generated code runs).
1423 /// For more information see the documentation of [`RegallocAlgorithm`].
1424 ///
1425 /// The default value for this is `RegallocAlgorithm::Backtracking`.
1426 ///
1427 /// # Panics
1428 ///
1429 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1430 #[cfg(any(feature = "cranelift", feature = "winch"))]
cranelift_regalloc_algorithm(&mut self, algo: RegallocAlgorithm) -> &mut Self1431 pub fn cranelift_regalloc_algorithm(&mut self, algo: RegallocAlgorithm) -> &mut Self {
1432 let val = match algo {
1433 RegallocAlgorithm::Backtracking => "backtracking",
1434 RegallocAlgorithm::SinglePass => "single_pass",
1435 };
1436 self.compiler_config_mut()
1437 .settings
1438 .insert("regalloc_algorithm".to_string(), val.to_string());
1439 self
1440 }
1441
1442 /// Configures whether Cranelift should perform a NaN-canonicalization pass.
1443 ///
1444 /// When Cranelift is used as a code generation backend this will configure
1445 /// it to replace NaNs with a single canonical value. This is useful for
1446 /// users requiring entirely deterministic WebAssembly computation. This is
1447 /// not required by the WebAssembly spec, so it is not enabled by default.
1448 ///
1449 /// Note that this option affects not only WebAssembly's `f32` and `f64`
1450 /// types but additionally the `v128` type. This option will cause
1451 /// operations using any of these types to have extra checks placed after
1452 /// them to normalize NaN values as needed.
1453 ///
1454 /// The default value for this is `false`
1455 ///
1456 /// # Panics
1457 ///
1458 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1459 #[cfg(any(feature = "cranelift", feature = "winch"))]
cranelift_nan_canonicalization(&mut self, enable: bool) -> &mut Self1460 pub fn cranelift_nan_canonicalization(&mut self, enable: bool) -> &mut Self {
1461 let val = if enable { "true" } else { "false" };
1462 self.compiler_config_mut()
1463 .settings
1464 .insert("enable_nan_canonicalization".to_string(), val.to_string());
1465 self
1466 }
1467
1468 /// Allows setting a Cranelift boolean flag or preset. This allows
1469 /// fine-tuning of Cranelift settings.
1470 ///
1471 /// Since Cranelift flags may be unstable, this method should not be considered to be stable
1472 /// either; other `Config` functions should be preferred for stability.
1473 ///
1474 /// # Safety
1475 ///
1476 /// This is marked as unsafe, because setting the wrong flag might break invariants,
1477 /// resulting in execution hazards.
1478 ///
1479 /// # Errors
1480 ///
1481 /// The validation of the flags are deferred until the engine is being built, and thus may
1482 /// cause `Engine::new` fail if the flag's name does not exist, or the value is not appropriate
1483 /// for the flag type.
1484 ///
1485 /// # Panics
1486 ///
1487 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1488 #[cfg(any(feature = "cranelift", feature = "winch"))]
cranelift_flag_enable(&mut self, flag: &str) -> &mut Self1489 pub unsafe fn cranelift_flag_enable(&mut self, flag: &str) -> &mut Self {
1490 self.compiler_config_mut().flags.insert(flag.to_string());
1491 self
1492 }
1493
1494 /// Allows settings another Cranelift flag defined by a flag name and value. This allows
1495 /// fine-tuning of Cranelift settings.
1496 ///
1497 /// Since Cranelift flags may be unstable, this method should not be considered to be stable
1498 /// either; other `Config` functions should be preferred for stability.
1499 ///
1500 /// # Safety
1501 ///
1502 /// This is marked as unsafe, because setting the wrong flag might break invariants,
1503 /// resulting in execution hazards.
1504 ///
1505 /// # Errors
1506 ///
1507 /// The validation of the flags are deferred until the engine is being built, and thus may
1508 /// cause `Engine::new` fail if the flag's name does not exist, or incompatible with other
1509 /// settings.
1510 ///
1511 /// For example, feature `wasm_backtrace` will set `unwind_info` to `true`, but if it's
1512 /// manually set to false then it will fail.
1513 ///
1514 /// # Panics
1515 ///
1516 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
1517 #[cfg(any(feature = "cranelift", feature = "winch"))]
cranelift_flag_set(&mut self, name: &str, value: &str) -> &mut Self1518 pub unsafe fn cranelift_flag_set(&mut self, name: &str, value: &str) -> &mut Self {
1519 self.compiler_config_mut()
1520 .settings
1521 .insert(name.to_string(), value.to_string());
1522 self
1523 }
1524
1525 /// Set a custom [`Cache`].
1526 ///
1527 /// To load a cache configuration from a file, use [`Cache::from_file`]. Otherwise, you can
1528 /// create a new cache config using [`CacheConfig::new`] and passing that to [`Cache::new`].
1529 ///
1530 /// If you want to disable the cache, you can call this method with `None`.
1531 ///
1532 /// By default, new configs do not have caching enabled.
1533 /// Every call to [`Module::new(my_wasm)`][crate::Module::new] will recompile `my_wasm`,
1534 /// even when it is unchanged, unless an enabled `CacheConfig` is provided.
1535 ///
1536 /// This method is only available when the `cache` feature of this crate is
1537 /// enabled.
1538 ///
1539 /// [docs]: https://bytecodealliance.github.io/wasmtime/cli-cache.html
1540 #[cfg(feature = "cache")]
cache(&mut self, cache: Option<Cache>) -> &mut Self1541 pub fn cache(&mut self, cache: Option<Cache>) -> &mut Self {
1542 self.cache = cache;
1543 self
1544 }
1545
1546 /// Sets a custom memory creator.
1547 ///
1548 /// Custom memory creators are used when creating host `Memory` objects or when
1549 /// creating instance linear memories for the on-demand instance allocation strategy.
1550 #[cfg(feature = "runtime")]
with_host_memory(&mut self, mem_creator: Arc<dyn MemoryCreator>) -> &mut Self1551 pub fn with_host_memory(&mut self, mem_creator: Arc<dyn MemoryCreator>) -> &mut Self {
1552 self.mem_creator = Some(Arc::new(MemoryCreatorProxy(mem_creator)));
1553 self
1554 }
1555
1556 /// Sets a custom stack creator.
1557 ///
1558 /// Custom memory creators are used when creating creating async instance stacks for
1559 /// the on-demand instance allocation strategy.
1560 #[cfg(feature = "async")]
with_host_stack(&mut self, stack_creator: Arc<dyn StackCreator>) -> &mut Self1561 pub fn with_host_stack(&mut self, stack_creator: Arc<dyn StackCreator>) -> &mut Self {
1562 self.stack_creator = Some(Arc::new(StackCreatorProxy(stack_creator)));
1563 self
1564 }
1565
1566 /// Sets a custom executable-memory publisher.
1567 ///
1568 /// Custom executable-memory publishers are hooks that allow
1569 /// Wasmtime to make certain regions of memory executable when
1570 /// loading precompiled modules or compiling new modules
1571 /// in-process. In most modern operating systems, memory allocated
1572 /// for heap usage is readable and writable by default but not
1573 /// executable. To jump to machine code stored in that memory, we
1574 /// need to make it executable. For security reasons, we usually
1575 /// also make it read-only at the same time, so the executing code
1576 /// can't be modified later.
1577 ///
1578 /// By default, Wasmtime will use the appropriate system calls on
1579 /// the host platform for this work. However, it also allows
1580 /// plugging in a custom implementation via this configuration
1581 /// option. This may be useful on custom or `no_std` platforms,
1582 /// for example, especially where virtual memory is not otherwise
1583 /// used by Wasmtime (no `signals-and-traps` feature).
1584 #[cfg(feature = "runtime")]
with_custom_code_memory( &mut self, custom_code_memory: Option<Arc<dyn CustomCodeMemory>>, ) -> &mut Self1585 pub fn with_custom_code_memory(
1586 &mut self,
1587 custom_code_memory: Option<Arc<dyn CustomCodeMemory>>,
1588 ) -> &mut Self {
1589 self.custom_code_memory = custom_code_memory;
1590 self
1591 }
1592
1593 /// Sets the instance allocation strategy to use.
1594 ///
1595 /// This is notably used in conjunction with
1596 /// [`InstanceAllocationStrategy::Pooling`] and [`PoolingAllocationConfig`].
allocation_strategy( &mut self, strategy: impl Into<InstanceAllocationStrategy>, ) -> &mut Self1597 pub fn allocation_strategy(
1598 &mut self,
1599 strategy: impl Into<InstanceAllocationStrategy>,
1600 ) -> &mut Self {
1601 self.allocation_strategy = strategy.into();
1602 self
1603 }
1604
1605 /// Specifies the capacity of linear memories, in bytes, in their initial
1606 /// allocation.
1607 ///
1608 /// > Note: this value has important performance ramifications, be sure to
1609 /// > benchmark when setting this to a non-default value and read over this
1610 /// > documentation.
1611 ///
1612 /// This function will change the size of the initial memory allocation made
1613 /// for linear memories. This setting is only applicable when the initial
1614 /// size of a linear memory is below this threshold. Linear memories are
1615 /// allocated in the virtual address space of the host process with OS APIs
1616 /// such as `mmap` and this setting affects how large the allocation will
1617 /// be.
1618 ///
1619 /// ## Background: WebAssembly Linear Memories
1620 ///
1621 /// WebAssembly linear memories always start with a minimum size and can
1622 /// possibly grow up to a maximum size. The minimum size is always specified
1623 /// in a WebAssembly module itself and the maximum size can either be
1624 /// optionally specified in the module or inherently limited by the index
1625 /// type. For example for this module:
1626 ///
1627 /// ```wasm
1628 /// (module
1629 /// (memory $a 4)
1630 /// (memory $b 4096 4096 (pagesize 1))
1631 /// (memory $c i64 10)
1632 /// )
1633 /// ```
1634 ///
1635 /// * Memory `$a` initially allocates 4 WebAssembly pages (256KiB) and can
1636 /// grow up to 4GiB, the limit of the 32-bit index space.
1637 /// * Memory `$b` initially allocates 4096 WebAssembly pages, but in this
1638 /// case its page size is 1, so it's 4096 bytes. Memory can also grow no
1639 /// further meaning that it will always be 4096 bytes.
1640 /// * Memory `$c` is a 64-bit linear memory which starts with 640KiB of
1641 /// memory and can theoretically grow up to 2^64 bytes, although most
1642 /// hosts will run out of memory long before that.
1643 ///
1644 /// All operations on linear memories done by wasm are required to be
1645 /// in-bounds. Any access beyond the end of a linear memory is considered a
1646 /// trap.
1647 ///
1648 /// ## What this setting affects: Virtual Memory
1649 ///
1650 /// This setting is used to configure the behavior of the size of the linear
1651 /// memory allocation performed for each of these memories. For example the
1652 /// initial linear memory allocation looks like this:
1653 ///
1654 /// ```text
1655 /// memory_reservation
1656 /// |
1657 /// ◄─────────┴────────────────►
1658 /// ┌───────┬─────────┬──────────────────┬───────┐
1659 /// │ guard │ initial │ ... capacity ... │ guard │
1660 /// └───────┴─────────┴──────────────────┴───────┘
1661 /// ◄──┬──► ◄──┬──►
1662 /// │ │
1663 /// │ memory_guard_size
1664 /// │
1665 /// │
1666 /// memory_guard_size (if guard_before_linear_memory)
1667 /// ```
1668 ///
1669 /// Memory in the `initial` range is accessible to the instance and can be
1670 /// read/written by wasm code. Memory in the `guard` regions is never
1671 /// accessible to wasm code and memory in `capacity` is initially
1672 /// inaccessible but may become accessible through `memory.grow` instructions
1673 /// for example.
1674 ///
1675 /// This means that this setting is the size of the initial chunk of virtual
1676 /// memory that a linear memory may grow into.
1677 ///
1678 /// ## What this setting affects: Runtime Speed
1679 ///
1680 /// This is a performance-sensitive setting which is taken into account
1681 /// during the compilation process of a WebAssembly module. For example if a
1682 /// 32-bit WebAssembly linear memory has a `memory_reservation` size of 4GiB
1683 /// then bounds checks can be elided because `capacity` will be guaranteed
1684 /// to be unmapped for all addressable bytes that wasm can access (modulo a
1685 /// few details).
1686 ///
1687 /// If `memory_reservation` was something smaller like 256KiB then that
1688 /// would have a much smaller impact on virtual memory but the compile code
1689 /// would then need to have explicit bounds checks to ensure that
1690 /// loads/stores are in-bounds.
1691 ///
1692 /// The goal of this setting is to enable skipping bounds checks in most
1693 /// modules by default. Some situations which require explicit bounds checks
1694 /// though are:
1695 ///
1696 /// * When `memory_reservation` is smaller than the addressable size of the
1697 /// linear memory. For example if 64-bit linear memories always need
1698 /// bounds checks as they can address the entire virtual address spacce.
1699 /// For 32-bit linear memories a `memory_reservation` minimum size of 4GiB
1700 /// is required to elide bounds checks.
1701 ///
1702 /// * When linear memories have a page size of 1 then bounds checks are
1703 /// required. In this situation virtual memory can't be relied upon
1704 /// because that operates at the host page size granularity where wasm
1705 /// requires a per-byte level granularity.
1706 ///
1707 /// * Configuration settings such as [`Config::signals_based_traps`] can be
1708 /// used to disable the use of signal handlers and virtual memory so
1709 /// explicit bounds checks are required.
1710 ///
1711 /// * When [`Config::memory_guard_size`] is too small a bounds check may be
1712 /// required. For 32-bit wasm addresses are actually 33-bit effective
1713 /// addresses because loads/stores have a 32-bit static offset to add to
1714 /// the dynamic 32-bit address. If the static offset is larger than the
1715 /// size of the guard region then an explicit bounds check is required.
1716 ///
1717 /// ## What this setting affects: Memory Growth Behavior
1718 ///
1719 /// In addition to affecting bounds checks emitted in compiled code this
1720 /// setting also affects how WebAssembly linear memories are grown. The
1721 /// `memory.grow` instruction can be used to make a linear memory larger and
1722 /// this is also affected by APIs such as
1723 /// [`Memory::grow`](crate::Memory::grow).
1724 ///
1725 /// In these situations when the amount being grown is small enough to fit
1726 /// within the remaining capacity then the linear memory doesn't have to be
1727 /// moved at runtime. If the capacity runs out though then a new linear
1728 /// memory allocation must be made and the contents of linear memory is
1729 /// copied over.
1730 ///
1731 /// For example here's a situation where a copy happens:
1732 ///
1733 /// * The `memory_reservation` setting is configured to 128KiB.
1734 /// * A WebAssembly linear memory starts with a single 64KiB page.
1735 /// * This memory can be grown by one page to contain the full 128KiB of
1736 /// memory.
1737 /// * If grown by one more page, though, then a 192KiB allocation must be
1738 /// made and the previous 128KiB of contents are copied into the new
1739 /// allocation.
1740 ///
1741 /// This growth behavior can have a significant performance impact if lots
1742 /// of data needs to be copied on growth. Conversely if memory growth never
1743 /// needs to happen because the capacity will always be large enough then
1744 /// optimizations can be applied to cache the base pointer of linear memory.
1745 ///
1746 /// When memory is grown then the
1747 /// [`Config::memory_reservation_for_growth`] is used for the new
1748 /// memory allocation to have memory to grow into.
1749 ///
1750 /// When using the pooling allocator via [`PoolingAllocationConfig`] then
1751 /// memories are never allowed to move so requests for growth are instead
1752 /// rejected with an error.
1753 ///
1754 /// ## When this setting is not used
1755 ///
1756 /// This setting is ignored and unused when the initial size of linear
1757 /// memory is larger than this threshold. For example if this setting is set
1758 /// to 1MiB but a wasm module requires a 2MiB minimum allocation then this
1759 /// setting is ignored. In this situation the minimum size of memory will be
1760 /// allocated along with [`Config::memory_reservation_for_growth`]
1761 /// after it to grow into.
1762 ///
1763 /// That means that this value can be set to zero. That can be useful in
1764 /// benchmarking to see the overhead of bounds checks for example.
1765 /// Additionally it can be used to minimize the virtual memory allocated by
1766 /// Wasmtime.
1767 ///
1768 /// ## Default Value
1769 ///
1770 /// The default value for this property depends on the host platform. For
1771 /// 64-bit platforms there's lots of address space available, so the default
1772 /// configured here is 4GiB. When coupled with the default size of
1773 /// [`Config::memory_guard_size`] this means that 32-bit WebAssembly linear
1774 /// memories with 64KiB page sizes will skip almost all bounds checks by
1775 /// default.
1776 ///
1777 /// For 32-bit platforms this value defaults to 10MiB. This means that
1778 /// bounds checks will be required on 32-bit platforms.
memory_reservation(&mut self, bytes: u64) -> &mut Self1779 pub fn memory_reservation(&mut self, bytes: u64) -> &mut Self {
1780 self.tunables.memory_reservation = Some(bytes);
1781 self
1782 }
1783
1784 /// Indicates whether linear memories may relocate their base pointer at
1785 /// runtime.
1786 ///
1787 /// WebAssembly linear memories either have a maximum size that's explicitly
1788 /// listed in the type of a memory or inherently limited by the index type
1789 /// of the memory (e.g. 4GiB for 32-bit linear memories). Depending on how
1790 /// the linear memory is allocated (see [`Config::memory_reservation`]) it
1791 /// may be necessary to move the memory in the host's virtual address space
1792 /// during growth. This option controls whether this movement is allowed or
1793 /// not.
1794 ///
1795 /// An example of a linear memory needing to move is when
1796 /// [`Config::memory_reservation`] is 0 then a linear memory will be
1797 /// allocated as the minimum size of the memory plus
1798 /// [`Config::memory_reservation_for_growth`]. When memory grows beyond the
1799 /// reservation for growth then the memory needs to be relocated.
1800 ///
1801 /// When this option is set to `false` then it can have a number of impacts
1802 /// on how memories work at runtime:
1803 ///
1804 /// * Modules can be compiled with static knowledge the base pointer of
1805 /// linear memory never changes to enable optimizations such as
1806 /// loop invariant code motion (hoisting the base pointer out of a loop).
1807 ///
1808 /// * Memories cannot grow in excess of their original allocation. This
1809 /// means that [`Config::memory_reservation`] and
1810 /// [`Config::memory_reservation_for_growth`] may need tuning to ensure
1811 /// the memory configuration works at runtime.
1812 ///
1813 /// The default value for this option is `true`.
memory_may_move(&mut self, enable: bool) -> &mut Self1814 pub fn memory_may_move(&mut self, enable: bool) -> &mut Self {
1815 self.tunables.memory_may_move = Some(enable);
1816 self
1817 }
1818
1819 /// Configures the size, in bytes, of the guard region used at the end of a
1820 /// linear memory's address space reservation.
1821 ///
1822 /// > Note: this value has important performance ramifications, be sure to
1823 /// > understand what this value does before tweaking it and benchmarking.
1824 ///
1825 /// This setting controls how many bytes are guaranteed to be unmapped after
1826 /// the virtual memory allocation of a linear memory. When
1827 /// combined with sufficiently large values of
1828 /// [`Config::memory_reservation`] (e.g. 4GiB for 32-bit linear memories)
1829 /// then a guard region can be used to eliminate bounds checks in generated
1830 /// code.
1831 ///
1832 /// This setting additionally can be used to help deduplicate bounds checks
1833 /// in code that otherwise requires bounds checks. For example with a 4KiB
1834 /// guard region then a 64-bit linear memory which accesses addresses `x+8`
1835 /// and `x+16` only needs to perform a single bounds check on `x`. If that
1836 /// bounds check passes then the offset is guaranteed to either reside in
1837 /// linear memory or the guard region, resulting in deterministic behavior
1838 /// either way.
1839 ///
1840 /// ## How big should the guard be?
1841 ///
1842 /// In general, like with configuring [`Config::memory_reservation`], you
1843 /// probably don't want to change this value from the defaults. Removing
1844 /// bounds checks is dependent on a number of factors where the size of the
1845 /// guard region is only one piece of the equation. Other factors include:
1846 ///
1847 /// * [`Config::memory_reservation`]
1848 /// * The index type of the linear memory (e.g. 32-bit or 64-bit)
1849 /// * The page size of the linear memory
1850 /// * Other settings such as [`Config::signals_based_traps`]
1851 ///
1852 /// Embeddings using virtual memory almost always want at least some guard
1853 /// region, but otherwise changes from the default should be profiled
1854 /// locally to see the performance impact.
1855 ///
1856 /// ## Default
1857 ///
1858 /// The default value for this property is 32MiB on 64-bit platforms. This
1859 /// allows eliminating almost all bounds checks on loads/stores with an
1860 /// immediate offset of less than 32MiB. On 32-bit platforms this defaults
1861 /// to 64KiB.
memory_guard_size(&mut self, bytes: u64) -> &mut Self1862 pub fn memory_guard_size(&mut self, bytes: u64) -> &mut Self {
1863 self.tunables.memory_guard_size = Some(bytes);
1864 self
1865 }
1866
1867 /// Configures the size, in bytes, of the extra virtual memory space
1868 /// reserved after a linear memory is relocated.
1869 ///
1870 /// This setting is used in conjunction with [`Config::memory_reservation`]
1871 /// to configure what happens after a linear memory is relocated in the host
1872 /// address space. If the initial size of a linear memory exceeds
1873 /// [`Config::memory_reservation`] or if it grows beyond that size
1874 /// throughout its lifetime then this setting will be used.
1875 ///
1876 /// When a linear memory is relocated it will initially look like this:
1877 ///
1878 /// ```text
1879 /// memory.size
1880 /// │
1881 /// ◄──────┴─────►
1882 /// ┌───────┬──────────────┬───────┐
1883 /// │ guard │ accessible │ guard │
1884 /// └───────┴──────────────┴───────┘
1885 /// ◄──┬──►
1886 /// │
1887 /// memory_guard_size
1888 /// ```
1889 ///
1890 /// where `accessible` needs to be grown but there's no more memory to grow
1891 /// into. A new region of the virtual address space will be allocated that
1892 /// looks like this:
1893 ///
1894 /// ```text
1895 /// memory_reservation_for_growth
1896 /// │
1897 /// memory.size │
1898 /// │ │
1899 /// ◄──────┴─────► ◄─────────────┴───────────►
1900 /// ┌───────┬──────────────┬───────────────────────────┬───────┐
1901 /// │ guard │ accessible │ .. reserved for growth .. │ guard │
1902 /// └───────┴──────────────┴───────────────────────────┴───────┘
1903 /// ◄──┬──►
1904 /// │
1905 /// memory_guard_size
1906 /// ```
1907 ///
1908 /// This means that up to `memory_reservation_for_growth` bytes can be
1909 /// allocated again before the entire linear memory needs to be moved again
1910 /// when another `memory_reservation_for_growth` bytes will be appended to
1911 /// the size of the allocation.
1912 ///
1913 /// Note that this is a currently simple heuristic for optimizing the growth
1914 /// of dynamic memories, primarily implemented for the memory64 proposal
1915 /// where the maximum size of memory is larger than 4GiB. This setting is
1916 /// unlikely to be a one-size-fits-all style approach and if you're an
1917 /// embedder running into issues with growth and are interested in having
1918 /// other growth strategies available here please feel free to [open an
1919 /// issue on the Wasmtime repository][issue]!
1920 ///
1921 /// [issue]: https://github.com/bytecodealliance/wasmtime/issues/new
1922 ///
1923 /// ## Default
1924 ///
1925 /// For 64-bit platforms this defaults to 2GiB, and for 32-bit platforms
1926 /// this defaults to 1MiB.
memory_reservation_for_growth(&mut self, bytes: u64) -> &mut Self1927 pub fn memory_reservation_for_growth(&mut self, bytes: u64) -> &mut Self {
1928 self.tunables.memory_reservation_for_growth = Some(bytes);
1929 self
1930 }
1931
1932 /// Indicates whether a guard region is present before allocations of
1933 /// linear memory.
1934 ///
1935 /// Guard regions before linear memories are never used during normal
1936 /// operation of WebAssembly modules, even if they have out-of-bounds
1937 /// loads. The only purpose for a preceding guard region in linear memory
1938 /// is extra protection against possible bugs in code generators like
1939 /// Cranelift. This setting does not affect performance in any way, but will
1940 /// result in larger virtual memory reservations for linear memories (it
1941 /// won't actually ever use more memory, just use more of the address
1942 /// space).
1943 ///
1944 /// The size of the guard region before linear memory is the same as the
1945 /// guard size that comes after linear memory, which is configured by
1946 /// [`Config::memory_guard_size`].
1947 ///
1948 /// ## Default
1949 ///
1950 /// This value defaults to `true`.
guard_before_linear_memory(&mut self, enable: bool) -> &mut Self1951 pub fn guard_before_linear_memory(&mut self, enable: bool) -> &mut Self {
1952 self.tunables.guard_before_linear_memory = Some(enable);
1953 self
1954 }
1955
1956 /// Indicates whether to initialize tables lazily, so that instantiation
1957 /// is fast but indirect calls are a little slower. If false, tables
1958 /// are initialized eagerly during instantiation from any active element
1959 /// segments that apply to them.
1960 ///
1961 /// **Note** Disabling this option is not compatible with the Winch compiler.
1962 ///
1963 /// ## Default
1964 ///
1965 /// This value defaults to `true`.
table_lazy_init(&mut self, table_lazy_init: bool) -> &mut Self1966 pub fn table_lazy_init(&mut self, table_lazy_init: bool) -> &mut Self {
1967 self.tunables.table_lazy_init = Some(table_lazy_init);
1968 self
1969 }
1970
1971 /// Configure the version information used in serialized and deserialized [`crate::Module`]s.
1972 /// This effects the behavior of [`crate::Module::serialize()`], as well as
1973 /// [`crate::Module::deserialize()`] and related functions.
1974 ///
1975 /// The default strategy is to use the wasmtime crate's Cargo package version.
module_version(&mut self, strategy: ModuleVersionStrategy) -> Result<&mut Self>1976 pub fn module_version(&mut self, strategy: ModuleVersionStrategy) -> Result<&mut Self> {
1977 match strategy {
1978 // This case requires special precondition for assertion in SerializedModule::to_bytes
1979 ModuleVersionStrategy::Custom(ref v) => {
1980 if v.as_bytes().len() > 255 {
1981 bail!("custom module version cannot be more than 255 bytes: {v}");
1982 }
1983 }
1984 _ => {}
1985 }
1986 self.module_version = strategy;
1987 Ok(self)
1988 }
1989
1990 /// Configure whether wasmtime should compile a module using multiple
1991 /// threads.
1992 ///
1993 /// Disabling this will result in a single thread being used to compile
1994 /// the wasm bytecode.
1995 ///
1996 /// By default parallel compilation is enabled.
1997 #[cfg(feature = "parallel-compilation")]
parallel_compilation(&mut self, parallel: bool) -> &mut Self1998 pub fn parallel_compilation(&mut self, parallel: bool) -> &mut Self {
1999 self.parallel_compilation = parallel;
2000 self
2001 }
2002
2003 /// Configures whether compiled artifacts will contain information to map
2004 /// native program addresses back to the original wasm module.
2005 ///
2006 /// This configuration option is `true` by default and, if enabled,
2007 /// generates the appropriate tables in compiled modules to map from native
2008 /// address back to wasm source addresses. This is used for displaying wasm
2009 /// program counters in backtraces as well as generating filenames/line
2010 /// numbers if so configured as well (and the original wasm module has DWARF
2011 /// debugging information present).
generate_address_map(&mut self, generate: bool) -> &mut Self2012 pub fn generate_address_map(&mut self, generate: bool) -> &mut Self {
2013 self.tunables.generate_address_map = Some(generate);
2014 self
2015 }
2016
2017 /// Configures whether copy-on-write memory-mapped data is used to
2018 /// initialize a linear memory.
2019 ///
2020 /// Initializing linear memory via a copy-on-write mapping can drastically
2021 /// improve instantiation costs of a WebAssembly module because copying
2022 /// memory is deferred. Additionally if a page of memory is only ever read
2023 /// from WebAssembly and never written too then the same underlying page of
2024 /// data will be reused between all instantiations of a module meaning that
2025 /// if a module is instantiated many times this can lower the overall memory
2026 /// required needed to run that module.
2027 ///
2028 /// The main disadvantage of copy-on-write initialization, however, is that
2029 /// it may be possible for highly-parallel scenarios to be less scalable. If
2030 /// a page is read initially by a WebAssembly module then that page will be
2031 /// mapped to a read-only copy shared between all WebAssembly instances. If
2032 /// the same page is then written, however, then a private copy is created
2033 /// and swapped out from the read-only version. This also requires an [IPI],
2034 /// however, which can be a significant bottleneck in high-parallelism
2035 /// situations.
2036 ///
2037 /// This feature is only applicable when a WebAssembly module meets specific
2038 /// criteria to be initialized in this fashion, such as:
2039 ///
2040 /// * Only memories defined in the module can be initialized this way.
2041 /// * Data segments for memory must use statically known offsets.
2042 /// * Data segments for memory must all be in-bounds.
2043 ///
2044 /// Modules which do not meet these criteria will fall back to
2045 /// initialization of linear memory based on copying memory.
2046 ///
2047 /// This feature of Wasmtime is also platform-specific:
2048 ///
2049 /// * Linux - this feature is supported for all instances of [`Module`].
2050 /// Modules backed by an existing mmap (such as those created by
2051 /// [`Module::deserialize_file`]) will reuse that mmap to cow-initialize
2052 /// memory. Other instance of [`Module`] may use the `memfd_create`
2053 /// syscall to create an initialization image to `mmap`.
2054 /// * Unix (not Linux) - this feature is only supported when loading modules
2055 /// from a precompiled file via [`Module::deserialize_file`] where there
2056 /// is a file descriptor to use to map data into the process. Note that
2057 /// the module must have been compiled with this setting enabled as well.
2058 /// * Windows - there is no support for this feature at this time. Memory
2059 /// initialization will always copy bytes.
2060 ///
2061 /// By default this option is enabled.
2062 ///
2063 /// [`Module::deserialize_file`]: crate::Module::deserialize_file
2064 /// [`Module`]: crate::Module
2065 /// [IPI]: https://en.wikipedia.org/wiki/Inter-processor_interrupt
memory_init_cow(&mut self, enable: bool) -> &mut Self2066 pub fn memory_init_cow(&mut self, enable: bool) -> &mut Self {
2067 self.tunables.memory_init_cow = Some(enable);
2068 self
2069 }
2070
2071 /// A configuration option to force the usage of `memfd_create` on Linux to
2072 /// be used as the backing source for a module's initial memory image.
2073 ///
2074 /// When [`Config::memory_init_cow`] is enabled, which is enabled by
2075 /// default, module memory initialization images are taken from a module's
2076 /// original mmap if possible. If a precompiled module was loaded from disk
2077 /// this means that the disk's file is used as an mmap source for the
2078 /// initial linear memory contents. This option can be used to force, on
2079 /// Linux, that instead of using the original file on disk a new in-memory
2080 /// file is created with `memfd_create` to hold the contents of the initial
2081 /// image.
2082 ///
2083 /// This option can be used to avoid possibly loading the contents of memory
2084 /// from disk through a page fault. Instead with `memfd_create` the contents
2085 /// of memory are always in RAM, meaning that even page faults which
2086 /// initially populate a wasm linear memory will only work with RAM instead
2087 /// of ever hitting the disk that the original precompiled module is stored
2088 /// on.
2089 ///
2090 /// This option is disabled by default.
force_memory_init_memfd(&mut self, enable: bool) -> &mut Self2091 pub fn force_memory_init_memfd(&mut self, enable: bool) -> &mut Self {
2092 self.force_memory_init_memfd = enable;
2093 self
2094 }
2095
2096 /// Configures whether or not a coredump should be generated and attached to
2097 /// the [`Error`](crate::Error) when a trap is raised.
2098 ///
2099 /// This option is disabled by default.
2100 #[cfg(feature = "coredump")]
coredump_on_trap(&mut self, enable: bool) -> &mut Self2101 pub fn coredump_on_trap(&mut self, enable: bool) -> &mut Self {
2102 self.coredump_on_trap = enable;
2103 self
2104 }
2105
2106 /// Enables memory error checking for wasm programs.
2107 ///
2108 /// This option is disabled by default.
2109 ///
2110 /// # Panics
2111 ///
2112 /// Panics if this configuration's compiler was [disabled][Config::enable_compiler].
2113 #[cfg(any(feature = "cranelift", feature = "winch"))]
wmemcheck(&mut self, enable: bool) -> &mut Self2114 pub fn wmemcheck(&mut self, enable: bool) -> &mut Self {
2115 self.wmemcheck = enable;
2116 self.compiler_config_mut().wmemcheck = enable;
2117 self
2118 }
2119
2120 /// Configures the "guaranteed dense image size" for copy-on-write
2121 /// initialized memories.
2122 ///
2123 /// When using the [`Config::memory_init_cow`] feature to initialize memory
2124 /// efficiently (which is enabled by default), compiled modules contain an
2125 /// image of the module's initial heap. If the module has a fairly sparse
2126 /// initial heap, with just a few data segments at very different offsets,
2127 /// this could result in a large region of zero bytes in the image. In
2128 /// other words, it's not very memory-efficient.
2129 ///
2130 /// We normally use a heuristic to avoid this: if less than half
2131 /// of the initialized range (first non-zero to last non-zero
2132 /// byte) of any memory in the module has pages with nonzero
2133 /// bytes, then we avoid creating a memory image for the entire module.
2134 ///
2135 /// However, if the embedder always needs the instantiation-time efficiency
2136 /// of copy-on-write initialization, and is otherwise carefully controlling
2137 /// parameters of the modules (for example, by limiting the maximum heap
2138 /// size of the modules), then it may be desirable to ensure a memory image
2139 /// is created even if this could go against the heuristic above. Thus, we
2140 /// add another condition: there is a size of initialized data region up to
2141 /// which we *always* allow a memory image. The embedder can set this to a
2142 /// known maximum heap size if they desire to always get the benefits of
2143 /// copy-on-write images.
2144 ///
2145 /// In the future we may implement a "best of both worlds"
2146 /// solution where we have a dense image up to some limit, and
2147 /// then support a sparse list of initializers beyond that; this
2148 /// would get most of the benefit of copy-on-write and pay the incremental
2149 /// cost of eager initialization only for those bits of memory
2150 /// that are out-of-bounds. However, for now, an embedder desiring
2151 /// fast instantiation should ensure that this setting is as large
2152 /// as the maximum module initial memory content size.
2153 ///
2154 /// By default this value is 16 MiB.
memory_guaranteed_dense_image_size(&mut self, size_in_bytes: u64) -> &mut Self2155 pub fn memory_guaranteed_dense_image_size(&mut self, size_in_bytes: u64) -> &mut Self {
2156 self.memory_guaranteed_dense_image_size = size_in_bytes;
2157 self
2158 }
2159
2160 /// Whether to enable function inlining during compilation or not.
2161 ///
2162 /// This may result in faster execution at runtime, but adds additional
2163 /// compilation time. Inlining may also enlarge the size of compiled
2164 /// artifacts (for example, the size of the result of
2165 /// [`Engine::precompile_component`](crate::Engine::precompile_component)).
2166 ///
2167 /// Inlining is not supported by all of Wasmtime's compilation strategies;
2168 /// currently, it only Cranelift supports it. This setting will be ignored
2169 /// when using a compilation strategy that does not support inlining, like
2170 /// Winch.
2171 ///
2172 /// Note that inlining is still somewhat experimental at the moment (as of
2173 /// the Wasmtime version 36).
compiler_inlining(&mut self, inlining: bool) -> &mut Self2174 pub fn compiler_inlining(&mut self, inlining: bool) -> &mut Self {
2175 self.tunables.inlining = Some(inlining);
2176 self
2177 }
2178
2179 /// Returns the set of features that the currently selected compiler backend
2180 /// does not support at all and may panic on.
2181 ///
2182 /// Wasmtime strives to reject unknown modules or unsupported modules with
2183 /// first-class errors instead of panics. Not all compiler backends have the
2184 /// same level of feature support on all platforms as well. This method
2185 /// returns a set of features that the currently selected compiler
2186 /// configuration is known to not support and may panic on. This acts as a
2187 /// first-level filter on incoming wasm modules/configuration to fail-fast
2188 /// instead of panicking later on.
2189 ///
2190 /// Note that if a feature is not listed here it does not mean that the
2191 /// backend fully supports the proposal. Instead that means that the backend
2192 /// doesn't ever panic on the proposal, but errors during compilation may
2193 /// still be returned. This means that features listed here are definitely
2194 /// not supported at all, but features not listed here may still be
2195 /// partially supported. For example at the time of this writing the Winch
2196 /// backend partially supports simd so it's not listed here. Winch doesn't
2197 /// fully support simd but unimplemented instructions just return errors.
compiler_panicking_wasm_features(&self) -> WasmFeatures2198 fn compiler_panicking_wasm_features(&self) -> WasmFeatures {
2199 // First we compute the set of features that Wasmtime itself knows;
2200 // this is a sort of "maximal set" that we invert to create a set
2201 // of features we _definitely can't support_ because wasmtime
2202 // has never heard of them.
2203 let features_known_to_wasmtime = WasmFeatures::empty()
2204 | WasmFeatures::MUTABLE_GLOBAL
2205 | WasmFeatures::SATURATING_FLOAT_TO_INT
2206 | WasmFeatures::SIGN_EXTENSION
2207 | WasmFeatures::REFERENCE_TYPES
2208 | WasmFeatures::CALL_INDIRECT_OVERLONG
2209 | WasmFeatures::MULTI_VALUE
2210 | WasmFeatures::BULK_MEMORY
2211 | WasmFeatures::BULK_MEMORY_OPT
2212 | WasmFeatures::SIMD
2213 | WasmFeatures::RELAXED_SIMD
2214 | WasmFeatures::THREADS
2215 | WasmFeatures::SHARED_EVERYTHING_THREADS
2216 | WasmFeatures::TAIL_CALL
2217 | WasmFeatures::FLOATS
2218 | WasmFeatures::MULTI_MEMORY
2219 | WasmFeatures::EXCEPTIONS
2220 | WasmFeatures::MEMORY64
2221 | WasmFeatures::EXTENDED_CONST
2222 | WasmFeatures::COMPONENT_MODEL
2223 | WasmFeatures::FUNCTION_REFERENCES
2224 | WasmFeatures::GC
2225 | WasmFeatures::CUSTOM_PAGE_SIZES
2226 | WasmFeatures::GC_TYPES
2227 | WasmFeatures::STACK_SWITCHING
2228 | WasmFeatures::WIDE_ARITHMETIC
2229 | WasmFeatures::CM_ASYNC
2230 | WasmFeatures::CM_ASYNC_STACKFUL
2231 | WasmFeatures::CM_ASYNC_BUILTINS
2232 | WasmFeatures::CM_THREADING
2233 | WasmFeatures::CM_ERROR_CONTEXT
2234 | WasmFeatures::CM_GC
2235 | WasmFeatures::CM_MAP
2236 | WasmFeatures::CM_FIXED_LENGTH_LISTS;
2237
2238 #[allow(unused_mut, reason = "easier to avoid #[cfg]")]
2239 let mut unsupported = !features_known_to_wasmtime;
2240
2241 #[cfg(any(feature = "cranelift", feature = "winch"))]
2242 match self.compiler_config.as_ref().and_then(|c| c.strategy) {
2243 None | Some(Strategy::Cranelift) => {
2244 // Pulley at this time fundamentally doesn't support the
2245 // `threads` proposal, notably shared memory, because Rust can't
2246 // safely implement loads/stores in the face of shared memory.
2247 // Stack switching is not implemented, either.
2248 if self.compiler_target().is_pulley() {
2249 unsupported |= WasmFeatures::THREADS;
2250 unsupported |= WasmFeatures::STACK_SWITCHING;
2251 }
2252
2253 use target_lexicon::*;
2254 match self.compiler_target() {
2255 Triple {
2256 architecture: Architecture::X86_64 | Architecture::X86_64h,
2257 operating_system:
2258 OperatingSystem::Linux
2259 | OperatingSystem::MacOSX(_)
2260 | OperatingSystem::Darwin(_),
2261 ..
2262 } => {
2263 // Stack switching supported on (non-Pulley) Cranelift.
2264 }
2265
2266 _ => {
2267 // On platforms other than x64 Unix-like, we don't
2268 // support stack switching.
2269 unsupported |= WasmFeatures::STACK_SWITCHING;
2270 }
2271 }
2272 }
2273 Some(Strategy::Winch) => {
2274 unsupported |= WasmFeatures::GC
2275 | WasmFeatures::FUNCTION_REFERENCES
2276 | WasmFeatures::RELAXED_SIMD
2277 | WasmFeatures::TAIL_CALL
2278 | WasmFeatures::GC_TYPES
2279 | WasmFeatures::EXCEPTIONS
2280 | WasmFeatures::LEGACY_EXCEPTIONS
2281 | WasmFeatures::STACK_SWITCHING
2282 | WasmFeatures::CM_ASYNC;
2283 match self.compiler_target().architecture {
2284 target_lexicon::Architecture::Aarch64(_) => {
2285 unsupported |= WasmFeatures::THREADS;
2286 unsupported |= WasmFeatures::WIDE_ARITHMETIC;
2287 }
2288
2289 // Winch doesn't support other non-x64 architectures at this
2290 // time either but will return an first-class error for
2291 // them.
2292 _ => {}
2293 }
2294 }
2295 Some(Strategy::Auto) => unreachable!(),
2296 }
2297 unsupported
2298 }
2299
2300 /// Calculates the set of features that are enabled for this `Config`.
2301 ///
2302 /// This method internally will start with the an empty set of features to
2303 /// avoid being tied to wasmparser's defaults. Next Wasmtime's set of
2304 /// default features are added to this set, some of which are conditional
2305 /// depending on crate features. Finally explicitly requested features via
2306 /// `wasm_*` methods on `Config` are applied. Everything is then validated
2307 /// later in `Config::validate`.
features(&self) -> WasmFeatures2308 fn features(&self) -> WasmFeatures {
2309 // Wasmtime by default supports all of the wasm 2.0 version of the
2310 // specification.
2311 let mut features = WasmFeatures::WASM2;
2312
2313 // On-by-default features that wasmtime has. Note that these are all
2314 // subject to the criteria at
2315 // https://docs.wasmtime.dev/contributing-implementing-wasm-proposals.html
2316 // and
2317 // https://docs.wasmtime.dev/stability-wasm-proposals.html
2318 features |= WasmFeatures::MULTI_MEMORY;
2319 features |= WasmFeatures::RELAXED_SIMD;
2320 features |= WasmFeatures::TAIL_CALL;
2321 features |= WasmFeatures::EXTENDED_CONST;
2322 features |= WasmFeatures::MEMORY64;
2323 // NB: if you add a feature above this line please double-check
2324 // https://docs.wasmtime.dev/stability-wasm-proposals.html
2325 // to ensure all requirements are met and/or update the documentation
2326 // there too.
2327
2328 // Set some features to their conditionally-enabled defaults depending
2329 // on crate compile-time features.
2330 features.set(WasmFeatures::GC_TYPES, cfg!(feature = "gc"));
2331 features.set(WasmFeatures::THREADS, cfg!(feature = "threads"));
2332 features.set(
2333 WasmFeatures::COMPONENT_MODEL,
2334 cfg!(feature = "component-model"),
2335 );
2336
2337 // From the default set of proposals remove any that the current
2338 // compiler backend may panic on if the module contains them.
2339 features = features & !self.compiler_panicking_wasm_features();
2340
2341 // After wasmtime's defaults are configured then factor in user requests
2342 // and disable/enable features. Note that the enable/disable sets should
2343 // be disjoint.
2344 debug_assert!((self.enabled_features & self.disabled_features).is_empty());
2345 features &= !self.disabled_features;
2346 features |= self.enabled_features;
2347
2348 features
2349 }
2350
2351 /// Returns the configured compiler target for this `Config`.
compiler_target(&self) -> target_lexicon::Triple2352 pub(crate) fn compiler_target(&self) -> target_lexicon::Triple {
2353 // If a target is explicitly configured, always use that.
2354 if let Some(target) = self.target.clone() {
2355 return target;
2356 }
2357
2358 // If the `build.rs` script determined that this platform uses pulley by
2359 // default, then use Pulley.
2360 if cfg!(default_target_pulley) {
2361 return target_lexicon::Triple::pulley_host();
2362 }
2363
2364 // And at this point the target is for sure the host.
2365 target_lexicon::Triple::host()
2366 }
2367
validate(&self) -> Result<(Tunables, WasmFeatures)>2368 pub(crate) fn validate(&self) -> Result<(Tunables, WasmFeatures)> {
2369 let features = self.features();
2370
2371 // First validate that the selected compiler backend and configuration
2372 // supports the set of `features` that are enabled. This will help
2373 // provide more first class errors instead of panics about unsupported
2374 // features and configurations.
2375 let unsupported = features & self.compiler_panicking_wasm_features();
2376 if !unsupported.is_empty() {
2377 for flag in WasmFeatures::FLAGS.iter() {
2378 if !unsupported.contains(*flag.value()) {
2379 continue;
2380 }
2381 bail!(
2382 "the wasm_{} feature is not supported on this compiler configuration",
2383 flag.name().to_lowercase()
2384 );
2385 }
2386
2387 panic!("should have returned an error by now")
2388 }
2389
2390 #[cfg(any(feature = "async", feature = "stack-switching"))]
2391 if self.max_wasm_stack > self.async_stack_size {
2392 bail!("max_wasm_stack size cannot exceed the async_stack_size");
2393 }
2394 if self.max_wasm_stack == 0 {
2395 bail!("max_wasm_stack size cannot be zero");
2396 }
2397 if !cfg!(feature = "wmemcheck") && self.wmemcheck {
2398 bail!("wmemcheck (memory checker) was requested but is not enabled in this build");
2399 }
2400
2401 if !cfg!(feature = "gc") && features.gc_types() {
2402 bail!("support for GC was disabled at compile time")
2403 }
2404
2405 if !cfg!(feature = "gc") && features.contains(WasmFeatures::EXCEPTIONS) {
2406 bail!("exceptions support requires garbage collection (GC) to be enabled in the build");
2407 }
2408
2409 match &self.rr_config {
2410 #[cfg(feature = "rr")]
2411 RRConfig::Recording | RRConfig::Replaying => {
2412 self.validate_rr_determinism_conflicts()?;
2413 }
2414 RRConfig::None => {}
2415 };
2416
2417 let mut tunables = Tunables::default_for_target(&self.compiler_target())?;
2418
2419 // By default this is enabled with the Cargo feature, and if the feature
2420 // is missing this is disabled.
2421 tunables.concurrency_support = cfg!(feature = "component-model-async");
2422
2423 #[cfg(feature = "rr")]
2424 {
2425 tunables.recording = matches!(self.rr_config, RRConfig::Recording);
2426 }
2427
2428 // If no target is explicitly specified then further refine `tunables`
2429 // for the configuration of this host depending on what platform
2430 // features were found available at compile time. This means that anyone
2431 // cross-compiling for a customized host will need to further refine
2432 // compilation options.
2433 if self.target.is_none() {
2434 // If this platform doesn't have native signals then change some
2435 // defaults to account for that. Note that VM guards are turned off
2436 // here because that's primarily a feature of eliding
2437 // bounds-checks.
2438 if !cfg!(has_native_signals) {
2439 tunables.signals_based_traps = cfg!(has_native_signals);
2440 tunables.memory_guard_size = 0;
2441 }
2442
2443 // When virtual memory is not available use slightly different
2444 // defaults for tunables to be more amenable to `MallocMemory`.
2445 // Note that these can still be overridden by config options.
2446 if !cfg!(has_virtual_memory) {
2447 tunables.memory_reservation = 0;
2448 tunables.memory_reservation_for_growth = 1 << 20; // 1MB
2449 tunables.memory_init_cow = false;
2450 }
2451 }
2452
2453 // If guest-debugging is enabled, we must disable
2454 // signals-based traps. Do this before we process the user's
2455 // provided tunables settings so we can detect a conflict with
2456 // an explicit request to use signals-based traps.
2457 #[cfg(feature = "debug")]
2458 if self.tunables.debug_guest == Some(true) {
2459 tunables.signals_based_traps = false;
2460 }
2461
2462 self.tunables.configure(&mut tunables);
2463
2464 // If we're going to compile with winch, we must use the winch calling convention.
2465 #[cfg(any(feature = "cranelift", feature = "winch"))]
2466 {
2467 tunables.winch_callable = self
2468 .compiler_config
2469 .as_ref()
2470 .is_some_and(|c| c.strategy == Some(Strategy::Winch));
2471 }
2472
2473 tunables.collector = if features.gc_types() {
2474 #[cfg(feature = "gc")]
2475 {
2476 use wasmtime_environ::Collector as EnvCollector;
2477 Some(match self.collector.try_not_auto()? {
2478 Collector::DeferredReferenceCounting => EnvCollector::DeferredReferenceCounting,
2479 Collector::Null => EnvCollector::Null,
2480 Collector::Auto => unreachable!(),
2481 })
2482 }
2483 #[cfg(not(feature = "gc"))]
2484 bail!("cannot use GC types: the `gc` feature was disabled at compile time")
2485 } else {
2486 None
2487 };
2488
2489 if tunables.debug_guest {
2490 ensure!(
2491 cfg!(feature = "debug"),
2492 "debug instrumentation support was disabled at compile time"
2493 );
2494 ensure!(
2495 !tunables.signals_based_traps,
2496 "cannot use signals-based traps with guest debugging enabled"
2497 );
2498 }
2499
2500 // Concurrency support is required for some component model features.
2501 let requires_concurrency = WasmFeatures::CM_ASYNC
2502 | WasmFeatures::CM_ASYNC_BUILTINS
2503 | WasmFeatures::CM_ASYNC_STACKFUL
2504 | WasmFeatures::CM_THREADING
2505 | WasmFeatures::CM_ERROR_CONTEXT;
2506 if tunables.concurrency_support && !cfg!(feature = "component-model-async") {
2507 bail!(
2508 "concurrency support was requested but was not \
2509 compiled into this build of Wasmtime"
2510 )
2511 }
2512 if !tunables.concurrency_support && features.intersects(requires_concurrency) {
2513 bail!(
2514 "concurrency support must be enabled to use the component \
2515 model async or threading features"
2516 )
2517 }
2518
2519 Ok((tunables, features))
2520 }
2521
2522 #[cfg(feature = "runtime")]
build_allocator( &self, tunables: &Tunables, ) -> Result<Box<dyn InstanceAllocator + Send + Sync>>2523 pub(crate) fn build_allocator(
2524 &self,
2525 tunables: &Tunables,
2526 ) -> Result<Box<dyn InstanceAllocator + Send + Sync>> {
2527 #[cfg(feature = "async")]
2528 let (stack_size, stack_zeroing) = (self.async_stack_size, self.async_stack_zeroing);
2529
2530 #[cfg(not(feature = "async"))]
2531 let (stack_size, stack_zeroing) = (0, false);
2532
2533 let _ = tunables;
2534
2535 match &self.allocation_strategy {
2536 InstanceAllocationStrategy::OnDemand => {
2537 let mut _allocator = try_new::<Box<_>>(OnDemandInstanceAllocator::new(
2538 self.mem_creator.clone(),
2539 stack_size,
2540 stack_zeroing,
2541 ))?;
2542 #[cfg(feature = "async")]
2543 if let Some(stack_creator) = &self.stack_creator {
2544 _allocator.set_stack_creator(stack_creator.clone());
2545 }
2546 Ok(_allocator as _)
2547 }
2548 #[cfg(feature = "pooling-allocator")]
2549 InstanceAllocationStrategy::Pooling(config) => {
2550 let mut config = config.config;
2551 config.stack_size = stack_size;
2552 config.async_stack_zeroing = stack_zeroing;
2553 let allocator = try_new::<Box<_>>(
2554 crate::runtime::vm::PoolingInstanceAllocator::new(&config, tunables)?,
2555 )?;
2556 Ok(allocator as _)
2557 }
2558 }
2559 }
2560
2561 #[cfg(feature = "runtime")]
build_gc_runtime(&self) -> Result<Option<Arc<dyn GcRuntime>>>2562 pub(crate) fn build_gc_runtime(&self) -> Result<Option<Arc<dyn GcRuntime>>> {
2563 if !self.features().gc_types() {
2564 return Ok(None);
2565 }
2566
2567 #[cfg(not(feature = "gc"))]
2568 bail!("cannot create a GC runtime: the `gc` feature was disabled at compile time");
2569
2570 #[cfg(feature = "gc")]
2571 #[cfg_attr(
2572 not(any(feature = "gc-null", feature = "gc-drc")),
2573 expect(unreachable_code, reason = "definitions known to be dummy")
2574 )]
2575 {
2576 Ok(Some(match self.collector.try_not_auto()? {
2577 #[cfg(feature = "gc-drc")]
2578 Collector::DeferredReferenceCounting => {
2579 try_new::<Arc<_>>(crate::runtime::vm::DrcCollector::default())? as _
2580 }
2581 #[cfg(not(feature = "gc-drc"))]
2582 Collector::DeferredReferenceCounting => unreachable!(),
2583
2584 #[cfg(feature = "gc-null")]
2585 Collector::Null => {
2586 try_new::<Arc<_>>(crate::runtime::vm::NullCollector::default())? as _
2587 }
2588 #[cfg(not(feature = "gc-null"))]
2589 Collector::Null => unreachable!(),
2590
2591 Collector::Auto => unreachable!(),
2592 }))
2593 }
2594 }
2595
2596 #[cfg(feature = "runtime")]
build_profiler(&self) -> Result<Box<dyn ProfilingAgent>>2597 pub(crate) fn build_profiler(&self) -> Result<Box<dyn ProfilingAgent>> {
2598 Ok(match self.profiling_strategy {
2599 ProfilingStrategy::PerfMap => profiling_agent::new_perfmap()?,
2600 ProfilingStrategy::JitDump => profiling_agent::new_jitdump()?,
2601 ProfilingStrategy::VTune => profiling_agent::new_vtune()?,
2602 ProfilingStrategy::None => profiling_agent::new_null(),
2603 ProfilingStrategy::Pulley => profiling_agent::new_pulley()?,
2604 })
2605 }
2606
2607 #[cfg(any(feature = "cranelift", feature = "winch"))]
build_compiler( mut self, tunables: &mut Tunables, features: WasmFeatures, ) -> Result<(Self, Box<dyn wasmtime_environ::Compiler>)>2608 pub(crate) fn build_compiler(
2609 mut self,
2610 tunables: &mut Tunables,
2611 features: WasmFeatures,
2612 ) -> Result<(Self, Box<dyn wasmtime_environ::Compiler>)> {
2613 let target = self.compiler_target();
2614
2615 // The target passed to the builders below is an `Option<Triple>` where
2616 // `None` represents the current host with CPU features inferred from
2617 // the host's CPU itself. The `target` above is not an `Option`, so
2618 // switch it to `None` in the case that a target wasn't explicitly
2619 // specified (which indicates no feature inference) and the target
2620 // matches the host.
2621 let target_for_builder =
2622 if self.target.is_none() && target == target_lexicon::Triple::host() {
2623 None
2624 } else {
2625 Some(target.clone())
2626 };
2627
2628 let mut compiler = match self.compiler_config_mut().strategy {
2629 #[cfg(feature = "cranelift")]
2630 Some(Strategy::Cranelift) => wasmtime_cranelift::builder(target_for_builder)?,
2631 #[cfg(not(feature = "cranelift"))]
2632 Some(Strategy::Cranelift) => bail!("cranelift support not compiled in"),
2633 #[cfg(feature = "winch")]
2634 Some(Strategy::Winch) => wasmtime_winch::builder(target_for_builder)?,
2635 #[cfg(not(feature = "winch"))]
2636 Some(Strategy::Winch) => bail!("winch support not compiled in"),
2637
2638 None | Some(Strategy::Auto) => unreachable!(),
2639 };
2640
2641 if let Some(path) = &self.compiler_config_mut().clif_dir {
2642 compiler.clif_dir(path)?;
2643 }
2644
2645 // If probestack is enabled for a target, Wasmtime will always use the
2646 // inline strategy which doesn't require us to define a `__probestack`
2647 // function or similar.
2648 self.compiler_config_mut()
2649 .settings
2650 .insert("probestack_strategy".into(), "inline".into());
2651
2652 // We enable stack probing by default on all targets.
2653 // This is required on Windows because of the way Windows
2654 // commits its stacks, but it's also a good idea on other
2655 // platforms to ensure guard pages are hit for large frame
2656 // sizes.
2657 self.compiler_config_mut()
2658 .flags
2659 .insert("enable_probestack".into());
2660
2661 // The current wasm multivalue implementation depends on this.
2662 // FIXME(#9510) handle this in wasmtime-cranelift instead.
2663 self.compiler_config_mut()
2664 .flags
2665 .insert("enable_multi_ret_implicit_sret".into());
2666
2667 if let Some(unwind_requested) = self.native_unwind_info {
2668 if !self
2669 .compiler_config_mut()
2670 .ensure_setting_unset_or_given("unwind_info", &unwind_requested.to_string())
2671 {
2672 bail!(
2673 "incompatible settings requested for Cranelift and Wasmtime `unwind-info` settings"
2674 );
2675 }
2676 }
2677
2678 if target.operating_system == target_lexicon::OperatingSystem::Windows {
2679 if !self
2680 .compiler_config_mut()
2681 .ensure_setting_unset_or_given("unwind_info", "true")
2682 {
2683 bail!("`native_unwind_info` cannot be disabled on Windows");
2684 }
2685 }
2686
2687 // We require frame pointers for correct stack walking, which is safety
2688 // critical in the presence of reference types, and otherwise it is just
2689 // really bad developer experience to get wrong.
2690 self.compiler_config_mut()
2691 .settings
2692 .insert("preserve_frame_pointers".into(), "true".into());
2693
2694 if !tunables.signals_based_traps {
2695 let mut ok = self
2696 .compiler_config_mut()
2697 .ensure_setting_unset_or_given("enable_table_access_spectre_mitigation", "false");
2698 ok = ok
2699 && self.compiler_config_mut().ensure_setting_unset_or_given(
2700 "enable_heap_access_spectre_mitigation",
2701 "false",
2702 );
2703
2704 // Right now spectre-mitigated bounds checks will load from zero so
2705 // if host-based signal handlers are disabled then that's a mismatch
2706 // and doesn't work right now. Fixing this will require more thought
2707 // of how to implement the bounds check in spectre-only mode.
2708 if !ok {
2709 bail!(
2710 "when signals-based traps are disabled then spectre \
2711 mitigations must also be disabled"
2712 );
2713 }
2714 }
2715
2716 if features.contains(WasmFeatures::RELAXED_SIMD) && !features.contains(WasmFeatures::SIMD) {
2717 bail!("cannot disable the simd proposal but enable the relaxed simd proposal");
2718 }
2719
2720 if features.contains(WasmFeatures::STACK_SWITCHING) {
2721 use target_lexicon::OperatingSystem;
2722 let model = match target.operating_system {
2723 OperatingSystem::Windows => "update_windows_tib",
2724 OperatingSystem::Linux
2725 | OperatingSystem::MacOSX(_)
2726 | OperatingSystem::Darwin(_) => "basic",
2727 _ => bail!("stack-switching feature not supported on this platform "),
2728 };
2729
2730 if !self
2731 .compiler_config_mut()
2732 .ensure_setting_unset_or_given("stack_switch_model", model)
2733 {
2734 bail!(
2735 "compiler option 'stack_switch_model' must be set to '{model}' on this platform"
2736 );
2737 }
2738 }
2739
2740 // Apply compiler settings and flags
2741 compiler.set_tunables(tunables.clone())?;
2742 for (k, v) in self.compiler_config_mut().settings.iter() {
2743 compiler.set(k, v)?;
2744 }
2745 for flag in self.compiler_config_mut().flags.iter() {
2746 compiler.enable(flag)?;
2747 }
2748 *tunables = compiler.tunables().cloned().unwrap();
2749
2750 #[cfg(all(feature = "incremental-cache", feature = "cranelift"))]
2751 if let Some(cache_store) = &self.compiler_config_mut().cache_store {
2752 compiler.enable_incremental_compilation(cache_store.clone())?;
2753 }
2754
2755 compiler.wmemcheck(self.compiler_config_mut().wmemcheck);
2756
2757 Ok((self, compiler.build()?))
2758 }
2759
2760 /// Internal setting for whether adapter modules for components will have
2761 /// extra WebAssembly instructions inserted performing more debug checks
2762 /// then are necessary.
2763 #[cfg(feature = "component-model")]
debug_adapter_modules(&mut self, debug: bool) -> &mut Self2764 pub fn debug_adapter_modules(&mut self, debug: bool) -> &mut Self {
2765 self.tunables.debug_adapter_modules = Some(debug);
2766 self
2767 }
2768
2769 /// Enables clif output when compiling a WebAssembly module.
2770 #[cfg(any(feature = "cranelift", feature = "winch"))]
emit_clif(&mut self, path: &Path) -> &mut Self2771 pub fn emit_clif(&mut self, path: &Path) -> &mut Self {
2772 self.compiler_config_mut().clif_dir = Some(path.to_path_buf());
2773 self
2774 }
2775
2776 /// Configures whether, when on macOS, Mach ports are used for exception
2777 /// handling instead of traditional Unix-based signal handling.
2778 ///
2779 /// WebAssembly traps in Wasmtime are implemented with native faults, for
2780 /// example a `SIGSEGV` will occur when a WebAssembly guest accesses
2781 /// out-of-bounds memory. Handling this can be configured to either use Unix
2782 /// signals or Mach ports on macOS. By default Mach ports are used.
2783 ///
2784 /// Mach ports enable Wasmtime to work by default with foreign
2785 /// error-handling systems such as breakpad which also use Mach ports to
2786 /// handle signals. In this situation Wasmtime will continue to handle guest
2787 /// faults gracefully while any non-guest faults will get forwarded to
2788 /// process-level handlers such as breakpad. Some more background on this
2789 /// can be found in #2456.
2790 ///
2791 /// A downside of using mach ports, however, is that they don't interact
2792 /// well with `fork()`. Forking a Wasmtime process on macOS will produce a
2793 /// child process that cannot successfully run WebAssembly. In this
2794 /// situation traditional Unix signal handling should be used as that's
2795 /// inherited and works across forks.
2796 ///
2797 /// If your embedding wants to use a custom error handler which leverages
2798 /// Mach ports and you additionally wish to `fork()` the process and use
2799 /// Wasmtime in the child process that's not currently possible. Please
2800 /// reach out to us if you're in this bucket!
2801 ///
2802 /// This option defaults to `true`, using Mach ports by default.
macos_use_mach_ports(&mut self, mach_ports: bool) -> &mut Self2803 pub fn macos_use_mach_ports(&mut self, mach_ports: bool) -> &mut Self {
2804 self.macos_use_mach_ports = mach_ports;
2805 self
2806 }
2807
2808 /// Configures an embedder-provided function, `detect`, which is used to
2809 /// determine if an ISA-specific feature is available on the current host.
2810 ///
2811 /// This function is used to verify that any features enabled for a compiler
2812 /// backend, such as AVX support on x86\_64, are also available on the host.
2813 /// It is undefined behavior to execute an AVX instruction on a host that
2814 /// doesn't support AVX instructions, for example.
2815 ///
2816 /// When the `std` feature is active on this crate then this function is
2817 /// configured to a default implementation that uses the standard library's
2818 /// feature detection. When the `std` feature is disabled then there is no
2819 /// default available and this method must be called to configure a feature
2820 /// probing function.
2821 ///
2822 /// The `detect` function provided is given a string name of an ISA feature.
2823 /// The function should then return:
2824 ///
2825 /// * `Some(true)` - indicates that the feature was found on the host and it
2826 /// is supported.
2827 /// * `Some(false)` - the feature name was recognized but it was not
2828 /// detected on the host, for example the CPU is too old.
2829 /// * `None` - the feature name was not recognized and it's not known
2830 /// whether it's on the host or not.
2831 ///
2832 /// Feature names passed to `detect` match the same feature name used in the
2833 /// Rust standard library. For example `"sse4.2"` is used on x86\_64.
2834 ///
2835 /// # Unsafety
2836 ///
2837 /// This function is `unsafe` because it is undefined behavior to execute
2838 /// instructions that a host does not support. This means that the result of
2839 /// `detect` must be correct for memory safe execution at runtime.
detect_host_feature(&mut self, detect: fn(&str) -> Option<bool>) -> &mut Self2840 pub unsafe fn detect_host_feature(&mut self, detect: fn(&str) -> Option<bool>) -> &mut Self {
2841 self.detect_host_feature = Some(detect);
2842 self
2843 }
2844
2845 /// Configures Wasmtime to not use signals-based trap handlers, for example
2846 /// disables `SIGILL` and `SIGSEGV` handler registration on Unix platforms.
2847 ///
2848 /// > **Note:** this option has important performance ramifications, be sure
2849 /// > to understand the implications. Wasm programs have been measured to
2850 /// > run up to 2x slower when signals-based traps are disabled.
2851 ///
2852 /// Wasmtime will by default leverage signals-based trap handlers (or the
2853 /// platform equivalent, for example "vectored exception handlers" on
2854 /// Windows) to make generated code more efficient. For example, when
2855 /// Wasmtime can use signals-based traps, it can elide explicit bounds
2856 /// checks for Wasm linear memory accesses, instead relying on virtual
2857 /// memory guard pages to raise a `SIGSEGV` (on Unix) for out-of-bounds
2858 /// accesses, which Wasmtime's runtime then catches and handles. Another
2859 /// example is divide-by-zero: with signals-based traps, Wasmtime can let
2860 /// the hardware raise a trap when the divisor is zero. Without
2861 /// signals-based traps, Wasmtime must explicitly emit additional
2862 /// instructions to check for zero and conditionally branch to a trapping
2863 /// code path.
2864 ///
2865 /// Some environments however may not have access to signal handlers. For
2866 /// example embedded scenarios may not support virtual memory. Other
2867 /// environments where Wasmtime is embedded within the surrounding
2868 /// environment may require that new signal handlers aren't registered due
2869 /// to the global nature of signal handlers. This option exists to disable
2870 /// the signal handler registration when required for these scenarios.
2871 ///
2872 /// When signals-based trap handlers are disabled, then Wasmtime and its
2873 /// generated code will *never* rely on segfaults or other
2874 /// signals. Generated code will be slower because bounds must be explicitly
2875 /// checked along with other conditions like division by zero.
2876 ///
2877 /// The following additional factors can also affect Wasmtime's ability to
2878 /// elide explicit bounds checks and leverage signals-based traps:
2879 ///
2880 /// * The [`Config::memory_reservation`] and [`Config::memory_guard_size`]
2881 /// settings
2882 /// * The index type of the linear memory (e.g. 32-bit or 64-bit)
2883 /// * The page size of the linear memory
2884 ///
2885 /// When this option is disabled, the
2886 /// `enable_heap_access_spectre_mitigation` and
2887 /// `enable_table_access_spectre_mitigation` Cranelift settings must also be
2888 /// disabled. This means that generated code must have spectre mitigations
2889 /// disabled. This is because spectre mitigations rely on faults from
2890 /// loading from the null address to implement bounds checks.
2891 ///
2892 /// This option defaults to `true`: signals-based trap handlers are enabled
2893 /// by default.
2894 ///
2895 /// > **Note:** Disabling this option is not compatible with the Winch
2896 /// > compiler.
signals_based_traps(&mut self, enable: bool) -> &mut Self2897 pub fn signals_based_traps(&mut self, enable: bool) -> &mut Self {
2898 self.tunables.signals_based_traps = Some(enable);
2899 self
2900 }
2901
2902 /// Enable/disable GC support in Wasmtime entirely.
2903 ///
2904 /// This flag can be used to gate whether GC infrastructure is enabled or
2905 /// initialized in Wasmtime at all. Wasmtime's GC implementation is required
2906 /// for the [`Self::wasm_gc`] proposal, [`Self::wasm_function_references`],
2907 /// and [`Self::wasm_exceptions`] at this time. None of those proposal can
2908 /// be enabled without also having this option enabled.
2909 ///
2910 /// This option defaults to whether the crate `gc` feature is enabled or
2911 /// not.
gc_support(&mut self, enable: bool) -> &mut Self2912 pub fn gc_support(&mut self, enable: bool) -> &mut Self {
2913 self.wasm_features(WasmFeatures::GC_TYPES, enable)
2914 }
2915
2916 /// Explicitly indicate or not whether the host is using a hardware float
2917 /// ABI on x86 targets.
2918 ///
2919 /// This configuration option is only applicable on the
2920 /// `x86_64-unknown-none` Rust target and has no effect on other host
2921 /// targets. The `x86_64-unknown-none` Rust target does not support hardware
2922 /// floats by default and uses a "soft float" implementation and ABI. This
2923 /// means that `f32`, for example, is passed in a general-purpose register
2924 /// between functions instead of a floating-point register. This does not
2925 /// match Cranelift's ABI for `f32` where it's passed in floating-point
2926 /// registers. Cranelift does not have support for a "soft float"
2927 /// implementation where all floating-point operations are lowered to
2928 /// libcalls.
2929 ///
2930 /// This means that for the `x86_64-unknown-none` target the ABI between
2931 /// Wasmtime's libcalls and the host is incompatible when floats are used.
2932 /// This further means that, by default, Wasmtime is unable to load native
2933 /// code when compiled to the `x86_64-unknown-none` target. The purpose of
2934 /// this option is to explicitly allow loading code and bypass this check.
2935 ///
2936 /// Setting this configuration option to `true` indicates that either:
2937 /// (a) the Rust target is compiled with the hard-float ABI manually via
2938 /// `-Zbuild-std` and a custom target JSON configuration, or (b) sufficient
2939 /// x86 features have been enabled in the compiler such that float libcalls
2940 /// will not be used in Wasmtime. For (a) there is no way in Rust at this
2941 /// time to detect whether a hard-float or soft-float ABI is in use on
2942 /// stable Rust, so this manual opt-in is required. For (b) the only
2943 /// instance where Wasmtime passes a floating-point value in a register
2944 /// between the host and compiled wasm code is with libcalls.
2945 ///
2946 /// Float-based libcalls are only used when the compilation target for a
2947 /// wasm module has insufficient target features enabled for native
2948 /// support. For example SSE4.1 is required for the `f32.ceil` WebAssembly
2949 /// instruction to be compiled to a native instruction. If SSE4.1 is not
2950 /// enabled then `f32.ceil` is translated to a "libcall" which is
2951 /// implemented on the host. Float-based libcalls can be avoided with
2952 /// sufficient target features enabled, for example:
2953 ///
2954 /// * `self.cranelift_flag_enable("has_sse3")`
2955 /// * `self.cranelift_flag_enable("has_ssse3")`
2956 /// * `self.cranelift_flag_enable("has_sse41")`
2957 /// * `self.cranelift_flag_enable("has_sse42")`
2958 /// * `self.cranelift_flag_enable("has_fma")`
2959 ///
2960 /// Note that when these features are enabled Wasmtime will perform a
2961 /// runtime check to determine that the host actually has the feature
2962 /// present.
2963 ///
2964 /// For some more discussion see [#11506].
2965 ///
2966 /// [#11506]: https://github.com/bytecodealliance/wasmtime/issues/11506
2967 ///
2968 /// # Safety
2969 ///
2970 /// This method is not safe because it cannot be detected in Rust right now
2971 /// whether the host is compiled with a soft or hard float ABI. Additionally
2972 /// if the host is compiled with a soft float ABI disabling this check does
2973 /// not ensure that the wasm module in question has zero usage of floats
2974 /// in the boundary to the host.
2975 ///
2976 /// Safely using this method requires one of:
2977 ///
2978 /// * The host target is compiled to use hardware floats.
2979 /// * Wasm modules loaded are compiled with enough x86 Cranelift features
2980 /// enabled to avoid float-related hostcalls.
x86_float_abi_ok(&mut self, enable: bool) -> &mut Self2981 pub unsafe fn x86_float_abi_ok(&mut self, enable: bool) -> &mut Self {
2982 self.x86_float_abi_ok = Some(enable);
2983 self
2984 }
2985
2986 /// Enable or disable the ability to create a
2987 /// [`SharedMemory`](crate::SharedMemory).
2988 ///
2989 /// The WebAssembly threads proposal, configured by [`Config::wasm_threads`]
2990 /// is on-by-default but there are enough deficiencies in Wasmtime's
2991 /// implementation and API integration that creation of a shared memory is
2992 /// disabled by default. This configuration knob can be used to enable this.
2993 ///
2994 /// When enabling this method be aware that wasm threads are, at this time,
2995 /// a [tier 2
2996 /// feature](https://docs.wasmtime.dev/stability-tiers.html#tier-2) in
2997 /// Wasmtime meaning that it will not receive security updates or fixes to
2998 /// historical releases. Additionally security CVEs will not be issued for
2999 /// bugs in the implementation.
3000 ///
3001 /// This option is `false` by default.
shared_memory(&mut self, enable: bool) -> &mut Self3002 pub fn shared_memory(&mut self, enable: bool) -> &mut Self {
3003 self.shared_memory = enable;
3004 self
3005 }
3006
3007 /// Specifies whether support for concurrent execution of WebAssembly is
3008 /// supported within this store.
3009 ///
3010 /// This configuration option affects whether runtime data structures are
3011 /// initialized within a `Store` on creation to support concurrent execution
3012 /// of WebAssembly guests. This is primarily applicable to the
3013 /// [`Config::wasm_component_model_async`] configuration which is the first
3014 /// time Wasmtime has supported concurrent execution of guests. This
3015 /// configuration option, for example, enables usage of
3016 /// [`Store::run_concurrent`], [`Func::call_concurrent`], [`StreamReader`],
3017 /// etc.
3018 ///
3019 /// This configuration option can be manually disabled to avoid initializing
3020 /// data structures in the [`Store`] related to concurrent execution. When
3021 /// this option is disabled then APIs related to concurrency will all fail
3022 /// with a panic. For example [`Store::run_concurrent`] will panic, creating
3023 /// a [`StreamReader`] will panic, etc.
3024 ///
3025 /// The value of this option additionally affects whether a [`Config`] is
3026 /// valid and the default set of enabled WebAssembly features. If this
3027 /// option is disabled then component-model features related to concurrency
3028 /// will all be disabled. If this option is enabled, then the options will
3029 /// retain their normal defaults. It is not valid to create a [`Config`]
3030 /// with component-model-async explicitly enabled and this option explicitly
3031 /// disabled, however.
3032 ///
3033 /// This option defaults to `true`.
3034 ///
3035 /// [`Store`]: crate::Store
3036 /// [`Store::run_concurrent`]: crate::Store::run_concurrent
3037 /// [`Func::call_concurrent`]: crate::component::Func::call_concurrent
3038 /// [`StreamReader`]: crate::component::StreamReader
concurrency_support(&mut self, enable: bool) -> &mut Self3039 pub fn concurrency_support(&mut self, enable: bool) -> &mut Self {
3040 self.tunables.concurrency_support = Some(enable);
3041 self
3042 }
3043
3044 /// Validate if the current configuration has conflicting overrides that prevent
3045 /// execution determinism. Returns an error if a conflict exists.
3046 ///
3047 /// Note: Keep this in sync with [`Config::enforce_determinism`].
3048 #[inline]
3049 #[cfg(feature = "rr")]
validate_rr_determinism_conflicts(&self) -> Result<()>3050 pub(crate) fn validate_rr_determinism_conflicts(&self) -> Result<()> {
3051 if let Some(v) = self.tunables.relaxed_simd_deterministic {
3052 if v == false {
3053 bail!("Relaxed deterministic SIMD cannot be disabled when determinism is enforced");
3054 }
3055 }
3056 #[cfg(any(feature = "cranelift", feature = "winch"))]
3057 if let Some(v) = self
3058 .compiler_config
3059 .as_ref()
3060 .and_then(|c| c.settings.get("enable_nan_canonicalization"))
3061 {
3062 if v != "true" {
3063 bail!("NaN canonicalization cannot be disabled when determinism is enforced");
3064 }
3065 }
3066 Ok(())
3067 }
3068
3069 /// Enable execution trace recording or replaying to the configuration.
3070 ///
3071 /// When either recording/replaying are enabled, validation fails if settings
3072 /// that control determinism are not set appropriately. In particular, RR requires
3073 /// doing the following:
3074 /// * Enabling NaN canonicalization with [`Config::cranelift_nan_canonicalization`].
3075 /// * Enabling deterministic relaxed SIMD with [`Config::relaxed_simd_deterministic`].
3076 #[inline]
rr(&mut self, cfg: RRConfig) -> &mut Self3077 pub fn rr(&mut self, cfg: RRConfig) -> &mut Self {
3078 self.rr_config = cfg;
3079 self
3080 }
3081 }
3082
3083 impl Default for Config {
default() -> Config3084 fn default() -> Config {
3085 Config::new()
3086 }
3087 }
3088
3089 impl fmt::Debug for Config {
fmt(&self, f: &mut fmt::Formatter) -> fmt::Result3090 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
3091 let mut f = f.debug_struct("Config");
3092
3093 // Not every flag in WasmFeatures can be enabled as part of creating
3094 // a Config. This impl gives a complete picture of all WasmFeatures
3095 // enabled, and doesn't require maintenance by hand (which has become out
3096 // of date in the past), at the cost of possible confusion for why
3097 // a flag in this set doesn't have a Config setter.
3098 let features = self.features();
3099 for flag in WasmFeatures::FLAGS.iter() {
3100 f.field(
3101 &format!("wasm_{}", flag.name().to_lowercase()),
3102 &features.contains(*flag.value()),
3103 );
3104 }
3105
3106 f.field("parallel_compilation", &self.parallel_compilation);
3107 #[cfg(any(feature = "cranelift", feature = "winch"))]
3108 {
3109 f.field("compiler_config", &self.compiler_config);
3110 }
3111
3112 self.tunables.format(&mut f);
3113 f.finish()
3114 }
3115 }
3116
3117 /// Possible Compilation strategies for a wasm module.
3118 ///
3119 /// This is used as an argument to the [`Config::strategy`] method.
3120 #[non_exhaustive]
3121 #[derive(PartialEq, Eq, Clone, Debug, Copy)]
3122 pub enum Strategy {
3123 /// An indicator that the compilation strategy should be automatically
3124 /// selected.
3125 ///
3126 /// This is generally what you want for most projects and indicates that the
3127 /// `wasmtime` crate itself should make the decision about what the best
3128 /// code generator for a wasm module is.
3129 ///
3130 /// Currently this always defaults to Cranelift, but the default value may
3131 /// change over time.
3132 Auto,
3133
3134 /// Currently the default backend, Cranelift aims to be a reasonably fast
3135 /// code generator which generates high quality machine code.
3136 Cranelift,
3137
3138 /// A low-latency baseline compiler for WebAssembly.
3139 /// For more details regarding ISA support and Wasm proposals support
3140 /// see <https://docs.wasmtime.dev/stability-tiers.html#current-tier-status>
3141 Winch,
3142 }
3143
3144 #[cfg(any(feature = "winch", feature = "cranelift"))]
3145 impl Strategy {
not_auto(&self) -> Option<Strategy>3146 fn not_auto(&self) -> Option<Strategy> {
3147 match self {
3148 Strategy::Auto => {
3149 if cfg!(feature = "cranelift") {
3150 Some(Strategy::Cranelift)
3151 } else if cfg!(feature = "winch") {
3152 Some(Strategy::Winch)
3153 } else {
3154 None
3155 }
3156 }
3157 other => Some(*other),
3158 }
3159 }
3160 }
3161
3162 /// Possible garbage collector implementations for Wasm.
3163 ///
3164 /// This is used as an argument to the [`Config::collector`] method.
3165 ///
3166 /// The properties of Wasmtime's available collectors are summarized in the
3167 /// following table:
3168 ///
3169 /// | Collector | Collects Garbage[^1] | Latency[^2] | Throughput[^3] | Allocation Speed[^4] | Heap Utilization[^5] |
3170 /// |-----------------------------|----------------------|-------------|----------------|----------------------|----------------------|
3171 /// | `DeferredReferenceCounting` | Yes, but not cycles | �� | �� | �� | �� |
3172 /// | `Null` | No | �� | �� | �� | �� |
3173 ///
3174 /// [^1]: Whether or not the collector is capable of collecting garbage and cyclic garbage.
3175 ///
3176 /// [^2]: How long the Wasm program is paused during garbage
3177 /// collections. Shorter is better. In general, better latency implies
3178 /// worse throughput and vice versa.
3179 ///
3180 /// [^3]: How fast the Wasm program runs when using this collector. Roughly
3181 /// equivalent to the number of Wasm instructions executed per
3182 /// second. Faster is better. In general, better throughput implies worse
3183 /// latency and vice versa.
3184 ///
3185 /// [^4]: How fast can individual objects be allocated?
3186 ///
3187 /// [^5]: How many objects can the collector fit into N bytes of memory? That
3188 /// is, how much space for bookkeeping and metadata does this collector
3189 /// require? Less space taken up by metadata means more space for
3190 /// additional objects. Reference counts are larger than mark bits and
3191 /// free lists are larger than bump pointers, for example.
3192 #[non_exhaustive]
3193 #[derive(PartialEq, Eq, Clone, Debug, Copy)]
3194 pub enum Collector {
3195 /// An indicator that the garbage collector should be automatically
3196 /// selected.
3197 ///
3198 /// This is generally what you want for most projects and indicates that the
3199 /// `wasmtime` crate itself should make the decision about what the best
3200 /// collector for a wasm module is.
3201 ///
3202 /// Currently this always defaults to the deferred reference-counting
3203 /// collector, but the default value may change over time.
3204 Auto,
3205
3206 /// The deferred reference-counting collector.
3207 ///
3208 /// A reference-counting collector, generally trading improved latency for
3209 /// worsened throughput. However, to avoid the largest overheads of
3210 /// reference counting, it avoids manipulating reference counts for Wasm
3211 /// objects on the stack. Instead, it will hold a reference count for an
3212 /// over-approximation of all objects that are currently on the stack, trace
3213 /// the stack during collection to find the precise set of on-stack roots,
3214 /// and decrement the reference count of any object that was in the
3215 /// over-approximation but not the precise set. This improves throughput,
3216 /// compared to "pure" reference counting, by performing many fewer
3217 /// refcount-increment and -decrement operations. The cost is the increased
3218 /// latency associated with tracing the stack.
3219 ///
3220 /// This collector cannot currently collect cycles; they will leak until the
3221 /// GC heap's store is dropped.
3222 DeferredReferenceCounting,
3223
3224 /// The null collector.
3225 ///
3226 /// This collector does not actually collect any garbage. It simply
3227 /// allocates objects until it runs out of memory, at which point further
3228 /// objects allocation attempts will trap.
3229 ///
3230 /// This collector is useful for incredibly short-running Wasm instances
3231 /// where additionally you would rather halt an over-allocating Wasm program
3232 /// than spend time collecting its garbage to allow it to keep running. It
3233 /// is also useful for measuring the overheads associated with other
3234 /// collectors, as this collector imposes as close to zero throughput and
3235 /// latency overhead as possible.
3236 Null,
3237 }
3238
3239 impl Default for Collector {
default() -> Collector3240 fn default() -> Collector {
3241 Collector::Auto
3242 }
3243 }
3244
3245 #[cfg(feature = "gc")]
3246 impl Collector {
not_auto(&self) -> Option<Collector>3247 fn not_auto(&self) -> Option<Collector> {
3248 match self {
3249 Collector::Auto => {
3250 if cfg!(feature = "gc-drc") {
3251 Some(Collector::DeferredReferenceCounting)
3252 } else if cfg!(feature = "gc-null") {
3253 Some(Collector::Null)
3254 } else {
3255 None
3256 }
3257 }
3258 other => Some(*other),
3259 }
3260 }
3261
try_not_auto(&self) -> Result<Self>3262 fn try_not_auto(&self) -> Result<Self> {
3263 match self.not_auto() {
3264 #[cfg(feature = "gc-drc")]
3265 Some(c @ Collector::DeferredReferenceCounting) => Ok(c),
3266 #[cfg(not(feature = "gc-drc"))]
3267 Some(Collector::DeferredReferenceCounting) => bail!(
3268 "cannot create an engine using the deferred reference-counting \
3269 collector because the `gc-drc` feature was not enabled at \
3270 compile time",
3271 ),
3272
3273 #[cfg(feature = "gc-null")]
3274 Some(c @ Collector::Null) => Ok(c),
3275 #[cfg(not(feature = "gc-null"))]
3276 Some(Collector::Null) => bail!(
3277 "cannot create an engine using the null collector because \
3278 the `gc-null` feature was not enabled at compile time",
3279 ),
3280
3281 Some(Collector::Auto) => unreachable!(),
3282
3283 None => bail!(
3284 "cannot create an engine with GC support when none of the \
3285 collectors are available; enable one of the following \
3286 features: `gc-drc`, `gc-null`",
3287 ),
3288 }
3289 }
3290 }
3291
3292 /// Possible optimization levels for the Cranelift codegen backend.
3293 #[non_exhaustive]
3294 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
3295 pub enum OptLevel {
3296 /// No optimizations performed, minimizes compilation time by disabling most
3297 /// optimizations.
3298 None,
3299 /// Generates the fastest possible code, but may take longer.
3300 Speed,
3301 /// Similar to `speed`, but also performs transformations aimed at reducing
3302 /// code size.
3303 SpeedAndSize,
3304 }
3305
3306 /// Possible register allocator algorithms for the Cranelift codegen backend.
3307 #[non_exhaustive]
3308 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
3309 pub enum RegallocAlgorithm {
3310 /// Generates the fastest possible code, but may take longer.
3311 ///
3312 /// This algorithm performs "backtracking", which means that it may
3313 /// undo its earlier work and retry as it discovers conflicts. This
3314 /// results in better register utilization, producing fewer spills
3315 /// and moves, but can cause super-linear compile runtime.
3316 Backtracking,
3317 /// Generates acceptable code very quickly.
3318 ///
3319 /// This algorithm performs a single pass through the code,
3320 /// guaranteed to work in linear time. (Note that the rest of
3321 /// Cranelift is not necessarily guaranteed to run in linear time,
3322 /// however.) It cannot undo earlier decisions, however, and it
3323 /// cannot foresee constraints or issues that may occur further
3324 /// ahead in the code, so the code may have more spills and moves as
3325 /// a result.
3326 ///
3327 /// > **Note**: This algorithm is not yet production-ready and has
3328 /// > historically had known problems. It is not recommended to enable this
3329 /// > algorithm for security-sensitive applications and the Wasmtime project
3330 /// > does not consider this configuration option for issuing security
3331 /// > advisories at this time.
3332 SinglePass,
3333 }
3334
3335 /// Select which profiling technique to support.
3336 #[derive(Debug, Clone, Copy, PartialEq)]
3337 pub enum ProfilingStrategy {
3338 /// No profiler support.
3339 None,
3340
3341 /// Collect function name information as the "perf map" file format, used with `perf` on Linux.
3342 PerfMap,
3343
3344 /// Collect profiling info for "jitdump" file format, used with `perf` on
3345 /// Linux.
3346 JitDump,
3347
3348 /// Collect profiling info using the "ittapi", used with `VTune` on Linux.
3349 VTune,
3350
3351 /// Support for profiling Pulley, Wasmtime's interpreter. Note that enabling
3352 /// this at runtime requires enabling the `profile-pulley` Cargo feature at
3353 /// compile time.
3354 Pulley,
3355 }
3356
3357 /// Select how wasm backtrace detailed information is handled.
3358 #[derive(Debug, Clone, Copy)]
3359 pub enum WasmBacktraceDetails {
3360 /// Support is unconditionally enabled and wasmtime will parse and read
3361 /// debug information.
3362 Enable,
3363
3364 /// Support is disabled, and wasmtime will not parse debug information for
3365 /// backtrace details.
3366 Disable,
3367
3368 /// Support for backtrace details is conditional on the
3369 /// `WASMTIME_BACKTRACE_DETAILS` environment variable.
3370 Environment,
3371 }
3372
3373 /// Describe the tri-state configuration of keys such as MPK or PAGEMAP_SCAN.
3374 #[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)]
3375 pub enum Enabled {
3376 /// Enable this feature if it's detected on the host system, otherwise leave
3377 /// it disabled.
3378 Auto,
3379 /// Enable this feature and fail configuration if the feature is not
3380 /// detected on the host system.
3381 Yes,
3382 /// Do not enable this feature, even if the host system supports it.
3383 No,
3384 }
3385
3386 /// Configuration options used with [`InstanceAllocationStrategy::Pooling`] to
3387 /// change the behavior of the pooling instance allocator.
3388 ///
3389 /// This structure has a builder-style API in the same manner as [`Config`] and
3390 /// is configured with [`Config::allocation_strategy`].
3391 ///
3392 /// Note that usage of the pooling allocator does not affect compiled
3393 /// WebAssembly code. Compiled `*.cwasm` files, for example, are usable both
3394 /// with and without the pooling allocator.
3395 ///
3396 /// ## Advantages of Pooled Allocation
3397 ///
3398 /// The main benefit of the pooling allocator is to make WebAssembly
3399 /// instantiation both faster and more scalable in terms of parallelism.
3400 /// Allocation is faster because virtual memory is already configured and ready
3401 /// to go within the pool, there's no need to [`mmap`] (for example on Unix) a
3402 /// new region and configure it with guard pages. By avoiding [`mmap`] this
3403 /// avoids whole-process virtual memory locks which can improve scalability and
3404 /// performance through avoiding this.
3405 ///
3406 /// Additionally with pooled allocation it's possible to create "affine slots"
3407 /// to a particular WebAssembly module or component over time. For example if
3408 /// the same module is multiple times over time the pooling allocator will, by
3409 /// default, attempt to reuse the same slot. This mean that the slot has been
3410 /// pre-configured and can retain virtual memory mappings for a copy-on-write
3411 /// image, for example (see [`Config::memory_init_cow`] for more information.
3412 /// This means that in a steady state instance deallocation is a single
3413 /// [`madvise`] to reset linear memory to its original contents followed by a
3414 /// single (optional) [`mprotect`] during the next instantiation to shrink
3415 /// memory back to its original size. Compared to non-pooled allocation this
3416 /// avoids the need to [`mmap`] a new region of memory, [`munmap`] it, and
3417 /// [`mprotect`] regions too.
3418 ///
3419 /// Another benefit of pooled allocation is that it's possible to configure
3420 /// things such that no virtual memory management is required at all in a steady
3421 /// state. For example a pooling allocator can be configured with:
3422 ///
3423 /// * [`Config::memory_init_cow`] disabled
3424 /// * [`Config::memory_guard_size`] disabled
3425 /// * [`Config::memory_reservation`] shrunk to minimal size
3426 /// * [`PoolingAllocationConfig::table_keep_resident`] sufficiently large
3427 /// * [`PoolingAllocationConfig::linear_memory_keep_resident`] sufficiently large
3428 ///
3429 /// With all these options in place no virtual memory tricks are used at all and
3430 /// everything is manually managed by Wasmtime (for example resetting memory is
3431 /// a `memset(0)`). This is not as fast in a single-threaded scenario but can
3432 /// provide benefits in high-parallelism situations as no virtual memory locks
3433 /// or IPIs need happen.
3434 ///
3435 /// ## Disadvantages of Pooled Allocation
3436 ///
3437 /// Despite the above advantages to instantiation performance the pooling
3438 /// allocator is not enabled by default in Wasmtime. One reason is that the
3439 /// performance advantages are not necessarily portable, for example while the
3440 /// pooling allocator works on Windows it has not been tuned for performance on
3441 /// Windows in the same way it has on Linux.
3442 ///
3443 /// Additionally the main cost of the pooling allocator is that it requires a
3444 /// very large reservation of virtual memory (on the order of most of the
3445 /// addressable virtual address space). WebAssembly 32-bit linear memories in
3446 /// Wasmtime are, by default 4G address space reservations with a small guard
3447 /// region both before and after the linear memory. Memories in the pooling
3448 /// allocator are contiguous which means that we only need a guard after linear
3449 /// memory because the previous linear memory's slot post-guard is our own
3450 /// pre-guard. This means that, by default, the pooling allocator uses roughly
3451 /// 4G of virtual memory per WebAssembly linear memory slot. 4G of virtual
3452 /// memory is 32 bits of a 64-bit address. Many 64-bit systems can only
3453 /// actually use 48-bit addresses by default (although this can be extended on
3454 /// architectures nowadays too), and of those 48 bits one of them is reserved
3455 /// to indicate kernel-vs-userspace. This leaves 47-32=15 bits left,
3456 /// meaning you can only have at most 32k slots of linear memories on many
3457 /// systems by default. This is a relatively small number and shows how the
3458 /// pooling allocator can quickly exhaust all of virtual memory.
3459 ///
3460 /// Another disadvantage of the pooling allocator is that it may keep memory
3461 /// alive when nothing is using it. A previously used slot for an instance might
3462 /// have paged-in memory that will not get paged out until the
3463 /// [`Engine`](crate::Engine) owning the pooling allocator is dropped. While
3464 /// suitable for some applications this behavior may not be suitable for all
3465 /// applications.
3466 ///
3467 /// Finally the last disadvantage of the pooling allocator is that the
3468 /// configuration values for the maximum number of instances, memories, tables,
3469 /// etc, must all be fixed up-front. There's not always a clear answer as to
3470 /// what these values should be so not all applications may be able to work
3471 /// with this constraint.
3472 ///
3473 /// [`madvise`]: https://man7.org/linux/man-pages/man2/madvise.2.html
3474 /// [`mprotect`]: https://man7.org/linux/man-pages/man2/mprotect.2.html
3475 /// [`mmap`]: https://man7.org/linux/man-pages/man2/mmap.2.html
3476 /// [`munmap`]: https://man7.org/linux/man-pages/man2/munmap.2.html
3477 #[cfg(feature = "pooling-allocator")]
3478 #[derive(Debug, Clone, Default)]
3479 pub struct PoolingAllocationConfig {
3480 config: crate::runtime::vm::PoolingInstanceAllocatorConfig,
3481 }
3482
3483 #[cfg(feature = "pooling-allocator")]
3484 impl PoolingAllocationConfig {
3485 /// Returns a new configuration builder with all default settings
3486 /// configured.
new() -> PoolingAllocationConfig3487 pub fn new() -> PoolingAllocationConfig {
3488 PoolingAllocationConfig::default()
3489 }
3490
3491 /// Configures the maximum number of "unused warm slots" to retain in the
3492 /// pooling allocator.
3493 ///
3494 /// The pooling allocator operates over slots to allocate from, and each
3495 /// slot is considered "cold" if it's never been used before or "warm" if
3496 /// it's been used by some module in the past. Slots in the pooling
3497 /// allocator additionally track an "affinity" flag to a particular core
3498 /// wasm module. When a module is instantiated into a slot then the slot is
3499 /// considered affine to that module, even after the instance has been
3500 /// deallocated.
3501 ///
3502 /// When a new instance is created then a slot must be chosen, and the
3503 /// current algorithm for selecting a slot is:
3504 ///
3505 /// * If there are slots that are affine to the module being instantiated,
3506 /// then the most recently used slot is selected to be allocated from.
3507 /// This is done to improve reuse of resources such as memory mappings and
3508 /// additionally try to benefit from temporal locality for things like
3509 /// caches.
3510 ///
3511 /// * Otherwise if there are more than N affine slots to other modules, then
3512 /// one of those affine slots is chosen to be allocated. The slot chosen
3513 /// is picked on a least-recently-used basis.
3514 ///
3515 /// * Finally, if there are less than N affine slots to other modules, then
3516 /// the non-affine slots are allocated from.
3517 ///
3518 /// This setting, `max_unused_warm_slots`, is the value for N in the above
3519 /// algorithm. The purpose of this setting is to have a knob over the RSS
3520 /// impact of "unused slots" for a long-running wasm server.
3521 ///
3522 /// If this setting is set to 0, for example, then affine slots are
3523 /// aggressively reused on a least-recently-used basis. A "cold" slot is
3524 /// only used if there are no affine slots available to allocate from. This
3525 /// means that the set of slots used over the lifetime of a program is the
3526 /// same as the maximum concurrent number of wasm instances.
3527 ///
3528 /// If this setting is set to infinity, however, then cold slots are
3529 /// prioritized to be allocated from. This means that the set of slots used
3530 /// over the lifetime of a program will approach
3531 /// [`PoolingAllocationConfig::total_memories`], or the maximum number of
3532 /// slots in the pooling allocator.
3533 ///
3534 /// Wasmtime does not aggressively decommit all resources associated with a
3535 /// slot when the slot is not in use. For example the
3536 /// [`PoolingAllocationConfig::linear_memory_keep_resident`] option can be
3537 /// used to keep memory associated with a slot, even when it's not in use.
3538 /// This means that the total set of used slots in the pooling instance
3539 /// allocator can impact the overall RSS usage of a program.
3540 ///
3541 /// The default value for this option is `100`.
max_unused_warm_slots(&mut self, max: u32) -> &mut Self3542 pub fn max_unused_warm_slots(&mut self, max: u32) -> &mut Self {
3543 self.config.max_unused_warm_slots = max;
3544 self
3545 }
3546
3547 /// The target number of decommits to do per batch.
3548 ///
3549 /// This is not precise, as we can queue up decommits at times when we
3550 /// aren't prepared to immediately flush them, and so we may go over this
3551 /// target size occasionally.
3552 ///
3553 /// A batch size of one effectively disables batching.
3554 ///
3555 /// Defaults to `1`.
decommit_batch_size(&mut self, batch_size: usize) -> &mut Self3556 pub fn decommit_batch_size(&mut self, batch_size: usize) -> &mut Self {
3557 self.config.decommit_batch_size = batch_size;
3558 self
3559 }
3560
3561 /// How much memory, in bytes, to keep resident for async stacks allocated
3562 /// with the pooling allocator.
3563 ///
3564 /// When [`Config::async_stack_zeroing`] is enabled then Wasmtime will reset
3565 /// the contents of async stacks back to zero upon deallocation. This option
3566 /// can be used to perform the zeroing operation with `memset` up to a
3567 /// certain threshold of bytes instead of using system calls to reset the
3568 /// stack to zero.
3569 ///
3570 /// Note that when using this option the memory with async stacks will
3571 /// never be decommitted.
3572 #[cfg(feature = "async")]
async_stack_keep_resident(&mut self, size: usize) -> &mut Self3573 pub fn async_stack_keep_resident(&mut self, size: usize) -> &mut Self {
3574 self.config.async_stack_keep_resident = size;
3575 self
3576 }
3577
3578 /// How much memory, in bytes, to keep resident for each linear memory
3579 /// after deallocation.
3580 ///
3581 /// This option is only applicable on Linux and has no effect on other
3582 /// platforms.
3583 ///
3584 /// By default Wasmtime will use `madvise` to reset the entire contents of
3585 /// linear memory back to zero when a linear memory is deallocated. This
3586 /// option can be used to use `memset` instead to set memory back to zero
3587 /// which can, in some configurations, reduce the number of page faults
3588 /// taken when a slot is reused.
linear_memory_keep_resident(&mut self, size: usize) -> &mut Self3589 pub fn linear_memory_keep_resident(&mut self, size: usize) -> &mut Self {
3590 self.config.linear_memory_keep_resident = size;
3591 self
3592 }
3593
3594 /// How much memory, in bytes, to keep resident for each table after
3595 /// deallocation.
3596 ///
3597 /// This option is only applicable on Linux and has no effect on other
3598 /// platforms.
3599 ///
3600 /// This option is the same as
3601 /// [`PoolingAllocationConfig::linear_memory_keep_resident`] except that it
3602 /// is applicable to tables instead.
table_keep_resident(&mut self, size: usize) -> &mut Self3603 pub fn table_keep_resident(&mut self, size: usize) -> &mut Self {
3604 self.config.table_keep_resident = size;
3605 self
3606 }
3607
3608 /// The maximum number of concurrent component instances supported (default
3609 /// is `1000`).
3610 ///
3611 /// This provides an upper-bound on the total size of component
3612 /// metadata-related allocations, along with
3613 /// [`PoolingAllocationConfig::max_component_instance_size`]. The upper bound is
3614 ///
3615 /// ```text
3616 /// total_component_instances * max_component_instance_size
3617 /// ```
3618 ///
3619 /// where `max_component_instance_size` is rounded up to the size and alignment
3620 /// of the internal representation of the metadata.
total_component_instances(&mut self, count: u32) -> &mut Self3621 pub fn total_component_instances(&mut self, count: u32) -> &mut Self {
3622 self.config.limits.total_component_instances = count;
3623 self
3624 }
3625
3626 /// The maximum size, in bytes, allocated for a component instance's
3627 /// `VMComponentContext` metadata as well as the aggregate size of this
3628 /// component's core instances `VMContext` metadata.
3629 ///
3630 /// The [`wasmtime::component::Instance`][crate::component::Instance] type
3631 /// has a static size but its internal `VMComponentContext` is dynamically
3632 /// sized depending on the component being instantiated. This size limit
3633 /// loosely correlates to the size of the component, taking into account
3634 /// factors such as:
3635 ///
3636 /// * number of lifted and lowered functions,
3637 /// * number of memories
3638 /// * number of inner instances
3639 /// * number of resources
3640 ///
3641 /// If the allocated size per instance is too small then instantiation of a
3642 /// module will fail at runtime with an error indicating how many bytes were
3643 /// needed.
3644 ///
3645 /// In addition to the memory in the runtime for the component itself,
3646 /// components contain one or more core module instances. Each of these
3647 /// require some memory in the runtime as described in
3648 /// [`PoolingAllocationConfig::max_core_instance_size`]. The limit here
3649 /// applies against the sum of all of these individual allocations.
3650 ///
3651 /// The default value for this is 1MiB.
3652 ///
3653 /// This provides an upper-bound on the total size of all component's
3654 /// metadata-related allocations (for both the component and its embedded
3655 /// core module instances), along with
3656 /// [`PoolingAllocationConfig::total_component_instances`]. The upper bound is
3657 ///
3658 /// ```text
3659 /// total_component_instances * max_component_instance_size
3660 /// ```
3661 ///
3662 /// where `max_component_instance_size` is rounded up to the size and alignment
3663 /// of the internal representation of the metadata.
max_component_instance_size(&mut self, size: usize) -> &mut Self3664 pub fn max_component_instance_size(&mut self, size: usize) -> &mut Self {
3665 self.config.limits.component_instance_size = size;
3666 self
3667 }
3668
3669 /// The maximum number of core instances a single component may contain
3670 /// (default is unlimited).
3671 ///
3672 /// This method (along with
3673 /// [`PoolingAllocationConfig::max_memories_per_component`],
3674 /// [`PoolingAllocationConfig::max_tables_per_component`], and
3675 /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
3676 /// the amount of resources a single component allocation consumes.
3677 ///
3678 /// If a component will instantiate more core instances than `count`, then
3679 /// the component will fail to instantiate.
max_core_instances_per_component(&mut self, count: u32) -> &mut Self3680 pub fn max_core_instances_per_component(&mut self, count: u32) -> &mut Self {
3681 self.config.limits.max_core_instances_per_component = count;
3682 self
3683 }
3684
3685 /// The maximum number of Wasm linear memories that a single component may
3686 /// transitively contain (default is unlimited).
3687 ///
3688 /// This method (along with
3689 /// [`PoolingAllocationConfig::max_core_instances_per_component`],
3690 /// [`PoolingAllocationConfig::max_tables_per_component`], and
3691 /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
3692 /// the amount of resources a single component allocation consumes.
3693 ///
3694 /// If a component transitively contains more linear memories than `count`,
3695 /// then the component will fail to instantiate.
max_memories_per_component(&mut self, count: u32) -> &mut Self3696 pub fn max_memories_per_component(&mut self, count: u32) -> &mut Self {
3697 self.config.limits.max_memories_per_component = count;
3698 self
3699 }
3700
3701 /// The maximum number of tables that a single component may transitively
3702 /// contain (default is unlimited).
3703 ///
3704 /// This method (along with
3705 /// [`PoolingAllocationConfig::max_core_instances_per_component`],
3706 /// [`PoolingAllocationConfig::max_memories_per_component`],
3707 /// [`PoolingAllocationConfig::max_component_instance_size`]) allows you to cap
3708 /// the amount of resources a single component allocation consumes.
3709 ///
3710 /// If a component will transitively contains more tables than `count`, then
3711 /// the component will fail to instantiate.
max_tables_per_component(&mut self, count: u32) -> &mut Self3712 pub fn max_tables_per_component(&mut self, count: u32) -> &mut Self {
3713 self.config.limits.max_tables_per_component = count;
3714 self
3715 }
3716
3717 /// The maximum number of concurrent Wasm linear memories supported (default
3718 /// is `1000`).
3719 ///
3720 /// This value has a direct impact on the amount of memory allocated by the pooling
3721 /// instance allocator.
3722 ///
3723 /// The pooling instance allocator allocates a memory pool, where each entry
3724 /// in the pool contains the reserved address space for each linear memory
3725 /// supported by an instance.
3726 ///
3727 /// The memory pool will reserve a large quantity of host process address
3728 /// space to elide the bounds checks required for correct WebAssembly memory
3729 /// semantics. Even with 64-bit address spaces, the address space is limited
3730 /// when dealing with a large number of linear memories.
3731 ///
3732 /// For example, on Linux x86_64, the userland address space limit is 128
3733 /// TiB. That might seem like a lot, but each linear memory will *reserve* 6
3734 /// GiB of space by default.
total_memories(&mut self, count: u32) -> &mut Self3735 pub fn total_memories(&mut self, count: u32) -> &mut Self {
3736 self.config.limits.total_memories = count;
3737 self
3738 }
3739
3740 /// The maximum number of concurrent tables supported (default is `1000`).
3741 ///
3742 /// This value has a direct impact on the amount of memory allocated by the
3743 /// pooling instance allocator.
3744 ///
3745 /// The pooling instance allocator allocates a table pool, where each entry
3746 /// in the pool contains the space needed for each WebAssembly table
3747 /// supported by an instance (see `table_elements` to control the size of
3748 /// each table).
total_tables(&mut self, count: u32) -> &mut Self3749 pub fn total_tables(&mut self, count: u32) -> &mut Self {
3750 self.config.limits.total_tables = count;
3751 self
3752 }
3753
3754 /// The maximum number of execution stacks allowed for asynchronous
3755 /// execution, when enabled (default is `1000`).
3756 ///
3757 /// This value has a direct impact on the amount of memory allocated by the
3758 /// pooling instance allocator.
3759 #[cfg(feature = "async")]
total_stacks(&mut self, count: u32) -> &mut Self3760 pub fn total_stacks(&mut self, count: u32) -> &mut Self {
3761 self.config.limits.total_stacks = count;
3762 self
3763 }
3764
3765 /// The maximum number of concurrent core instances supported (default is
3766 /// `1000`).
3767 ///
3768 /// This provides an upper-bound on the total size of core instance
3769 /// metadata-related allocations, along with
3770 /// [`PoolingAllocationConfig::max_core_instance_size`]. The upper bound is
3771 ///
3772 /// ```text
3773 /// total_core_instances * max_core_instance_size
3774 /// ```
3775 ///
3776 /// where `max_core_instance_size` is rounded up to the size and alignment of
3777 /// the internal representation of the metadata.
total_core_instances(&mut self, count: u32) -> &mut Self3778 pub fn total_core_instances(&mut self, count: u32) -> &mut Self {
3779 self.config.limits.total_core_instances = count;
3780 self
3781 }
3782
3783 /// The maximum size, in bytes, allocated for a core instance's `VMContext`
3784 /// metadata.
3785 ///
3786 /// The [`Instance`][crate::Instance] type has a static size but its
3787 /// `VMContext` metadata is dynamically sized depending on the module being
3788 /// instantiated. This size limit loosely correlates to the size of the Wasm
3789 /// module, taking into account factors such as:
3790 ///
3791 /// * number of functions
3792 /// * number of globals
3793 /// * number of memories
3794 /// * number of tables
3795 /// * number of function types
3796 ///
3797 /// If the allocated size per instance is too small then instantiation of a
3798 /// module will fail at runtime with an error indicating how many bytes were
3799 /// needed.
3800 ///
3801 /// The default value for this is 1MiB.
3802 ///
3803 /// This provides an upper-bound on the total size of core instance
3804 /// metadata-related allocations, along with
3805 /// [`PoolingAllocationConfig::total_core_instances`]. The upper bound is
3806 ///
3807 /// ```text
3808 /// total_core_instances * max_core_instance_size
3809 /// ```
3810 ///
3811 /// where `max_core_instance_size` is rounded up to the size and alignment of
3812 /// the internal representation of the metadata.
max_core_instance_size(&mut self, size: usize) -> &mut Self3813 pub fn max_core_instance_size(&mut self, size: usize) -> &mut Self {
3814 self.config.limits.core_instance_size = size;
3815 self
3816 }
3817
3818 /// The maximum number of defined tables for a core module (default is `1`).
3819 ///
3820 /// This value controls the capacity of the `VMTableDefinition` table in
3821 /// each instance's `VMContext` structure.
3822 ///
3823 /// The allocated size of the table will be `tables *
3824 /// sizeof(VMTableDefinition)` for each instance regardless of how many
3825 /// tables are defined by an instance's module.
max_tables_per_module(&mut self, tables: u32) -> &mut Self3826 pub fn max_tables_per_module(&mut self, tables: u32) -> &mut Self {
3827 self.config.limits.max_tables_per_module = tables;
3828 self
3829 }
3830
3831 /// The maximum table elements for any table defined in a module (default is
3832 /// `20000`).
3833 ///
3834 /// If a table's minimum element limit is greater than this value, the
3835 /// module will fail to instantiate.
3836 ///
3837 /// If a table's maximum element limit is unbounded or greater than this
3838 /// value, the maximum will be `table_elements` for the purpose of any
3839 /// `table.grow` instruction.
3840 ///
3841 /// This value is used to reserve the maximum space for each supported
3842 /// table; table elements are pointer-sized in the Wasmtime runtime.
3843 /// Therefore, the space reserved for each instance is `tables *
3844 /// table_elements * sizeof::<*const ()>`.
table_elements(&mut self, elements: usize) -> &mut Self3845 pub fn table_elements(&mut self, elements: usize) -> &mut Self {
3846 self.config.limits.table_elements = elements;
3847 self
3848 }
3849
3850 /// The maximum number of defined linear memories for a module (default is
3851 /// `1`).
3852 ///
3853 /// This value controls the capacity of the `VMMemoryDefinition` table in
3854 /// each core instance's `VMContext` structure.
3855 ///
3856 /// The allocated size of the table will be `memories *
3857 /// sizeof(VMMemoryDefinition)` for each core instance regardless of how
3858 /// many memories are defined by the core instance's module.
max_memories_per_module(&mut self, memories: u32) -> &mut Self3859 pub fn max_memories_per_module(&mut self, memories: u32) -> &mut Self {
3860 self.config.limits.max_memories_per_module = memories;
3861 self
3862 }
3863
3864 /// The maximum byte size that any WebAssembly linear memory may grow to.
3865 ///
3866 /// This option defaults to 4 GiB meaning that for 32-bit linear memories
3867 /// there is no restrictions. 64-bit linear memories will not be allowed to
3868 /// grow beyond 4 GiB by default.
3869 ///
3870 /// If a memory's minimum size is greater than this value, the module will
3871 /// fail to instantiate.
3872 ///
3873 /// If a memory's maximum size is unbounded or greater than this value, the
3874 /// maximum will be `max_memory_size` for the purpose of any `memory.grow`
3875 /// instruction.
3876 ///
3877 /// This value is used to control the maximum accessible space for each
3878 /// linear memory of a core instance. This can be thought of as a simple
3879 /// mechanism like [`Store::limiter`](crate::Store::limiter) to limit memory
3880 /// at runtime. This value can also affect striping/coloring behavior when
3881 /// used in conjunction with
3882 /// [`memory_protection_keys`](PoolingAllocationConfig::memory_protection_keys).
3883 ///
3884 /// The virtual memory reservation size of each linear memory is controlled
3885 /// by the [`Config::memory_reservation`] setting and this method's
3886 /// configuration cannot exceed [`Config::memory_reservation`].
max_memory_size(&mut self, bytes: usize) -> &mut Self3887 pub fn max_memory_size(&mut self, bytes: usize) -> &mut Self {
3888 self.config.limits.max_memory_size = bytes;
3889 self
3890 }
3891
3892 /// Configures whether memory protection keys (MPK) should be used for more
3893 /// efficient layout of pool-allocated memories.
3894 ///
3895 /// When using the pooling allocator (see [`Config::allocation_strategy`],
3896 /// [`InstanceAllocationStrategy::Pooling`]), memory protection keys can
3897 /// reduce the total amount of allocated virtual memory by eliminating guard
3898 /// regions between WebAssembly memories in the pool. It does so by
3899 /// "coloring" memory regions with different memory keys and setting which
3900 /// regions are accessible each time executions switches from host to guest
3901 /// (or vice versa).
3902 ///
3903 /// Leveraging MPK requires configuring a smaller-than-default
3904 /// [`max_memory_size`](PoolingAllocationConfig::max_memory_size) to enable
3905 /// this coloring/striping behavior. For example embeddings might want to
3906 /// reduce the default 4G allowance to 128M.
3907 ///
3908 /// MPK is only available on Linux (called `pku` there) and recent x86
3909 /// systems; we check for MPK support at runtime by examining the `CPUID`
3910 /// register. This configuration setting can be in three states:
3911 ///
3912 /// - `auto`: if MPK support is available the guard regions are removed; if
3913 /// not, the guard regions remain
3914 /// - `yes`: use MPK to eliminate guard regions; fail if MPK is not
3915 /// supported
3916 /// - `no`: never use MPK
3917 ///
3918 /// By default this value is `no`, but may become `auto` in future
3919 /// releases.
3920 ///
3921 /// __WARNING__: this configuration options is still experimental--use at
3922 /// your own risk! MPK uses kernel and CPU features to protect memory
3923 /// regions; you may observe segmentation faults if anything is
3924 /// misconfigured.
3925 #[cfg(feature = "memory-protection-keys")]
memory_protection_keys(&mut self, enable: Enabled) -> &mut Self3926 pub fn memory_protection_keys(&mut self, enable: Enabled) -> &mut Self {
3927 self.config.memory_protection_keys = enable;
3928 self
3929 }
3930
3931 /// Sets an upper limit on how many memory protection keys (MPK) Wasmtime
3932 /// will use.
3933 ///
3934 /// This setting is only applicable when
3935 /// [`PoolingAllocationConfig::memory_protection_keys`] is set to `enable`
3936 /// or `auto`. Configuring this above the HW and OS limits (typically 15)
3937 /// has no effect.
3938 ///
3939 /// If multiple Wasmtime engines are used in the same process, note that all
3940 /// engines will share the same set of allocated keys; this setting will
3941 /// limit how many keys are allocated initially and thus available to all
3942 /// other engines.
3943 #[cfg(feature = "memory-protection-keys")]
max_memory_protection_keys(&mut self, max: usize) -> &mut Self3944 pub fn max_memory_protection_keys(&mut self, max: usize) -> &mut Self {
3945 self.config.max_memory_protection_keys = max;
3946 self
3947 }
3948
3949 /// Check if memory protection keys (MPK) are available on the current host.
3950 ///
3951 /// This is a convenience method for determining MPK availability using the
3952 /// same method that [`Enabled::Auto`] does. See
3953 /// [`PoolingAllocationConfig::memory_protection_keys`] for more
3954 /// information.
3955 #[cfg(feature = "memory-protection-keys")]
are_memory_protection_keys_available() -> bool3956 pub fn are_memory_protection_keys_available() -> bool {
3957 crate::runtime::vm::mpk::is_supported()
3958 }
3959
3960 /// The maximum number of concurrent GC heaps supported (default is `1000`).
3961 ///
3962 /// This value has a direct impact on the amount of memory allocated by the
3963 /// pooling instance allocator.
3964 ///
3965 /// The pooling instance allocator allocates a GC heap pool, where each
3966 /// entry in the pool contains the space needed for each GC heap used by a
3967 /// store.
3968 #[cfg(feature = "gc")]
total_gc_heaps(&mut self, count: u32) -> &mut Self3969 pub fn total_gc_heaps(&mut self, count: u32) -> &mut Self {
3970 self.config.limits.total_gc_heaps = count;
3971 self
3972 }
3973
3974 /// Configures whether the Linux-specific [`PAGEMAP_SCAN` ioctl][ioctl] is
3975 /// used to help reset linear memory.
3976 ///
3977 /// When [`Self::linear_memory_keep_resident`] or
3978 /// [`Self::table_keep_resident`] options are configured to nonzero values
3979 /// the default behavior is to `memset` the lowest addresses of a table or
3980 /// memory back to their original contents. With the `PAGEMAP_SCAN` ioctl on
3981 /// Linux this can be done to more intelligently scan for resident pages in
3982 /// the region and only reset those pages back to their original contents
3983 /// with `memset` rather than assuming the low addresses are all resident.
3984 ///
3985 /// This ioctl has the potential to provide a number of performance benefits
3986 /// in high-reuse and high concurrency scenarios. Notably this enables
3987 /// Wasmtime to scan the entire region of WebAssembly linear memory and
3988 /// manually reset memory back to its original contents, up to
3989 /// [`Self::linear_memory_keep_resident`] bytes, possibly skipping an
3990 /// `madvise` entirely. This can be more efficient by avoiding removing
3991 /// pages from the address space entirely and additionally ensuring that
3992 /// future use of the linear memory doesn't incur page faults as the pages
3993 /// remain resident.
3994 ///
3995 /// At this time this configuration option is still being evaluated as to
3996 /// how appropriate it is for all use cases. It currently defaults to
3997 /// `no` or disabled but may change to `auto`, enable if supported, in the
3998 /// future. This option is only supported on Linux and requires a kernel
3999 /// version of 6.7 or higher.
4000 ///
4001 /// [ioctl]: https://www.man7.org/linux/man-pages/man2/PAGEMAP_SCAN.2const.html
pagemap_scan(&mut self, enable: Enabled) -> &mut Self4002 pub fn pagemap_scan(&mut self, enable: Enabled) -> &mut Self {
4003 self.config.pagemap_scan = enable;
4004 self
4005 }
4006
4007 /// Tests whether [`Self::pagemap_scan`] is available or not on the host
4008 /// system.
is_pagemap_scan_available() -> bool4009 pub fn is_pagemap_scan_available() -> bool {
4010 crate::runtime::vm::PoolingInstanceAllocatorConfig::is_pagemap_scan_available()
4011 }
4012 }
4013
4014 #[cfg(feature = "std")]
detect_host_feature(feature: &str) -> Option<bool>4015 fn detect_host_feature(feature: &str) -> Option<bool> {
4016 #[cfg(target_arch = "aarch64")]
4017 {
4018 return match feature {
4019 "lse" => Some(std::arch::is_aarch64_feature_detected!("lse")),
4020 "paca" => Some(std::arch::is_aarch64_feature_detected!("paca")),
4021 "fp16" => Some(std::arch::is_aarch64_feature_detected!("fp16")),
4022
4023 _ => None,
4024 };
4025 }
4026
4027 // `is_s390x_feature_detected` is nightly only for now, so use the
4028 // STORE FACILITY LIST EXTENDED instruction as a temporary measure.
4029 #[cfg(target_arch = "s390x")]
4030 {
4031 let mut facility_list: [u64; 4] = [0; 4];
4032 unsafe {
4033 core::arch::asm!(
4034 "stfle 0({})",
4035 in(reg_addr) facility_list.as_mut_ptr() ,
4036 inout("r0") facility_list.len() as u64 - 1 => _,
4037 options(nostack)
4038 );
4039 }
4040 let get_facility_bit = |n: usize| {
4041 // NOTE: bits are numbered from the left.
4042 facility_list[n / 64] & (1 << (63 - (n % 64))) != 0
4043 };
4044
4045 return match feature {
4046 "mie3" => Some(get_facility_bit(61)),
4047 "mie4" => Some(get_facility_bit(84)),
4048 "vxrs_ext2" => Some(get_facility_bit(148)),
4049 "vxrs_ext3" => Some(get_facility_bit(198)),
4050
4051 _ => None,
4052 };
4053 }
4054
4055 #[cfg(target_arch = "riscv64")]
4056 {
4057 return match feature {
4058 // due to `is_riscv64_feature_detected` is not stable.
4059 // we cannot use it. For now lie and say all features are always
4060 // found to keep tests working.
4061 _ => Some(true),
4062 };
4063 }
4064
4065 #[cfg(target_arch = "x86_64")]
4066 {
4067 return match feature {
4068 "cmpxchg16b" => Some(std::is_x86_feature_detected!("cmpxchg16b")),
4069 "sse3" => Some(std::is_x86_feature_detected!("sse3")),
4070 "ssse3" => Some(std::is_x86_feature_detected!("ssse3")),
4071 "sse4.1" => Some(std::is_x86_feature_detected!("sse4.1")),
4072 "sse4.2" => Some(std::is_x86_feature_detected!("sse4.2")),
4073 "popcnt" => Some(std::is_x86_feature_detected!("popcnt")),
4074 "avx" => Some(std::is_x86_feature_detected!("avx")),
4075 "avx2" => Some(std::is_x86_feature_detected!("avx2")),
4076 "fma" => Some(std::is_x86_feature_detected!("fma")),
4077 "bmi1" => Some(std::is_x86_feature_detected!("bmi1")),
4078 "bmi2" => Some(std::is_x86_feature_detected!("bmi2")),
4079 "avx512bitalg" => Some(std::is_x86_feature_detected!("avx512bitalg")),
4080 "avx512dq" => Some(std::is_x86_feature_detected!("avx512dq")),
4081 "avx512f" => Some(std::is_x86_feature_detected!("avx512f")),
4082 "avx512vl" => Some(std::is_x86_feature_detected!("avx512vl")),
4083 "avx512vbmi" => Some(std::is_x86_feature_detected!("avx512vbmi")),
4084 "lzcnt" => Some(std::is_x86_feature_detected!("lzcnt")),
4085
4086 _ => None,
4087 };
4088 }
4089
4090 #[allow(
4091 unreachable_code,
4092 reason = "reachable or not depending on if a target above matches"
4093 )]
4094 {
4095 let _ = feature;
4096 return None;
4097 }
4098 }
4099